VYPR
Medium severity5.3GHSA Advisory· Published Jun 10, 2026· Updated Jun 10, 2026

CVE-2026-46543

CVE-2026-46543

Description

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with "No macro blocks before genesis block". This issue has been patched in version 1.5.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
nimiq-blockchaincrates.io
< 1.5.01.5.0

Affected products

1

Patches

Vulnerability mechanics

References

6

News mentions

1