Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the first locator hash on the victim’s main chain is a micro block hash (not a macro block hash) causes said panic. The RequestMacroChain::handle handler selects the locator based only on "is on main chain", then calls get_macro_blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro). This issue has been fixed in version 1.3.0.
Published: 2026-04-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (node crash)
Action: Patch immediately
AI Analysis

Impact

An unauthenticated peer on the Nimiq network can send a specially crafted RequestMacroChain message that contains a micro block hash as the first locator. The message handler incorrectly assumes the locator is a macro block hash, calls get_macro_blocks(), and panics through an unwrap when the hash is not a macro block. This results in the node crashing, causing a denial of service for that peer and potentially disrupting network consensus.

Affected Systems

The vulnerability affects the Rust implementation of the Nimiq Proof‑of‑Stake protocol, core‑rs‑albatross. Versions 1.2.2 and earlier are impacted. The issue was fixed in release 1.3.0.

Risk and Exploitability

With a CVSS score of 5.3 the vulnerability is considered medium severity. No EPSS data is available and the vulnerability is not listed in the CISA KEV catalog. An attacker only needs to establish a peer‑to‑peer connection to the target node and send the malformed RequestMacroChain request; no authentication or privileged access is required. Because the exploit relies on a single malicious peer message, the probability of widespread exploitation is moderate but the impact on an affected node is significant.

Generated by OpenCVE AI on April 14, 2026 at 01:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Nimiq core‑rs‑albatross client to at least version 1.3.0 to eliminate the panic caused by the RequestMacroChain message.
  • Restart the node after the upgrade and verify that it no longer crashes to validate the fix.
  • Continue to monitor the node’s logs for unexpected panics and keep the software updated.

Generated by OpenCVE AI on April 14, 2026 at 01:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-48m6-486p-9j8p nimiq-consensus panics via RequestMacroChain micro-block locator
History

Fri, 24 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Nimiq nimiq Proof-of-stake
CPEs cpe:2.3:a:nimiq:nimiq_proof-of-stake:*:*:*:*:*:rust:*:*
Vendors & Products Nimiq nimiq Proof-of-stake

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Nimiq
Nimiq core-rs-albatross
Vendors & Products Nimiq
Nimiq core-rs-albatross

Tue, 14 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Description nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the first locator hash on the victim’s main chain is a micro block hash (not a macro block hash) causes said panic. The RequestMacroChain::handle handler selects the locator based only on "is on main chain", then calls get_macro_blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro). This issue has been fixed in version 1.3.0.
Title nimiq-consensus panics via RequestMacroChain micro-block locator
Weaknesses CWE-617
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Nimiq Core-rs-albatross Nimiq Proof-of-stake
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-14T16:28:14.091Z

Reserved: 2026-03-25T16:21:40.867Z

Link: CVE-2026-34069

cve-icon Vulnrichment

Updated: 2026-04-14T15:35:52.461Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T00:16:07.023

Modified: 2026-04-24T17:10:45.767

Link: CVE-2026-34069

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:32:01Z

Weaknesses