Description
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within the same epoch). During history sync, a peer can influence the `history: &[HistoricTransaction]` input passed into `Blockchain::push_history_sync`, and a malformed history list can violate these invariants and trigger a panic. `extend_history_sync` calls `this.history_store.add_to_history(..)` before comparing the computed history root against the macro block header (`block.history_root()`), so the panic can happen before later rejection checks run. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.
Published: 2026-04-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from an assert in the `HistoryStore::put_historic_txns` function, which verifies that each historic transaction’s block number belongs to the macro block being pushed and to the same epoch. During a history synchronization, a malicious peer can supply a crafted list of historic transactions with block numbers outside these boundaries. The inbound list is fed into `Blockchain::push_history_sync`, and before the node rejects the history based on the root hash comparison, the assert in the history store can fire, causing a panic and terminating the node. Because the panic occurs prior to other validation checks, the attack can successfully crash a node that otherwise would have rejected the malformed data, effectively denying service to that node and potentially disrupting the network topology.

Affected Systems

The flaw is present in the Rust implementation of Nimiq’s blockchain, specifically the nimiq-blockchain component. All versions released before 1.3.0 include the buggy assert. The vulnerability is triggered when a node participates in the history synchronization protocol and receives a history that does not satisfy the block‑number invariants.

Risk and Exploitability

With a CVSS score of 5.3 the hazard is moderate, yet a malicious or compromised peer can exploit it over the peer‑to‑peer network by sending a malicious history during sync. The likelihood of exploitation is uncertain because the EPSS score is not available and the issue is not listed in the CISA KEV catalog. Nonetheless any node still running a pre‑1.3.0 build remains vulnerable to a denial‑of‑service attack that could cause repeated crashes and loss of node availability.

Generated by OpenCVE AI on April 27, 2026 at 08:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Nimiq blockchain software to version 1.3.0 or newer
  • Disable or restrict history sync functionality from untrusted peers until the node is upgraded
  • Configure automated monitoring to detect and recover from node crashes, ensuring high availability

Generated by OpenCVE AI on April 27, 2026 at 08:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-j99g-7rqw-q9jg nimiq-blockchain: Peer-triggerable panic during history sync
History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Nimiq nimiq-blockchain
Vendors & Products Nimiq nimiq-blockchain

Fri, 24 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Nimiq
Nimiq nimiq Proof-of-stake
CPEs cpe:2.3:a:nimiq:nimiq_proof-of-stake:*:*:*:*:*:rust:*:*
Vendors & Products Nimiq
Nimiq nimiq Proof-of-stake

Thu, 23 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within the same epoch). During history sync, a peer can influence the `history: &[HistoricTransaction]` input passed into `Blockchain::push_history_sync`, and a malformed history list can violate these invariants and trigger a panic. `extend_history_sync` calls `this.history_store.add_to_history(..)` before comparing the computed history root against the macro block header (`block.history_root()`), so the panic can happen before later rejection checks run. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.
Title nimiq-blockchain: Peer-triggerable panic during history sync
Weaknesses CWE-20
CWE-617
CWE-754
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Nimiq Nimiq-blockchain Nimiq Proof-of-stake
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-23T12:57:06.467Z

Reserved: 2026-03-25T16:21:40.867Z

Link: CVE-2026-34066

cve-icon Vulnrichment

Updated: 2026-04-23T12:57:00.867Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-22T20:16:41.237

Modified: 2026-04-24T17:12:43.110

Link: CVE-2026-34066

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T19:53:08Z

Weaknesses