Description
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record via dht_verifier.verify(&record.record). On verifier error, handle_dht_get logs and returns early without completing the oneshot used by Network::dht_get, and without cleaning up per-query bookkeeping. Later query progress can hit the "DHT inconsistent state" path and also return without cleanup. Because Network::dht_get awaits the oneshot without a timeout, the caller future can hang indefinitely. This issue has been patched in version 1.4.0.
Published: 2026-06-09
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A bug in the network-libp2p component of the Nimiq core-rs-albatross client allows an untrusted peer to cause a DHT query to hang indefinitely. When a peer returns a FoundRecord that fails verification, the evaluator logs the error and prematurely returns without completing the oneshot used by the dht_get future. This leaves the query bookkeeping in an inconsistent state and can trigger a path that also returns without cleanup. Consequently, Network::dht_get awaits a oneshot that never resolves, leading to an indefinite stall of the caller future and a loss of service availability.

Affected Systems

The vulnerability affects the Nimiq core-rs-albatross implementation of the Nimiq Proof‑of‑Stake protocol, specifically the network‑libp2p module that handles DHT queries. Versions prior to 1.4.0 are impacted. The upgrade to 1.4.0 includes the fix that ensures normal cleanup and timeout handling.

Risk and Exploitability

The CVSS score is 5.3, reflecting moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, indicating a lower immediate exploitation likelihood. However, the flaw can be triggered by any peer that connects to the vulnerable node, so an attacker can remotely exploit the vulnerability by sending a crafted response that causes verification to fail. The absence of a timeout on the waiting future means the node will hang until manual intervention or a reboot, providing a denial‑of‑service vector.

Generated by OpenCVE AI on June 10, 2026 at 01:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Nimiq core‑rs‑albatross client to version 1.4.0 or later, which patches the DHT query handling and ensures proper cleanup and timeout behavior.
  • Restart the node after upgrading so that any in‑flight DHT queries are cleared and the new logic is activated.
  • Continuously monitor network logs for DHT query failures and verify that no hanging queries occur after the update.

Generated by OpenCVE AI on June 10, 2026 at 01:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Nimiq
Nimiq core-rs-albatross
Vendors & Products Nimiq
Nimiq core-rs-albatross

Wed, 10 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Description Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record via dht_verifier.verify(&record.record). On verifier error, handle_dht_get logs and returns early without completing the oneshot used by Network::dht_get, and without cleaning up per-query bookkeeping. Later query progress can hit the "DHT inconsistent state" path and also return without cleanup. Because Network::dht_get awaits the oneshot without a timeout, the caller future can hang indefinitely. This issue has been patched in version 1.4.0.
Title Nimiq network-libp2p: Untrusted peer can wedge DHT
Weaknesses CWE-755
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Nimiq Core-rs-albatross
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-09T23:44:20.580Z

Reserved: 2026-05-06T18:28:20.886Z

Link: CVE-2026-44505

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T00:16:52.940

Modified: 2026-06-10T00:16:52.940

Link: CVE-2026-44505

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T02:15:19Z

Weaknesses