CVE-2026-46540
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
In versions prior to 1.4.0 of Nimiq, the LightBlockchain::rebranch() function does not correctly update the macro and election state after adopting a fork chain, leading to verification issues with blocks. This can cause stalls in the light client's chain progression.
Risk Assessment
The organization may face significant performance and stability issues, potentially leading to data loss or stalling of blockchain-related operations.
Recommendation
It is recommended to upgrade to version 1.4.0 or later to mitigate this vulnerability and ensure proper functioning of the light client.
Original NVD description (English source)
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip is a macro block (checkpoint or election), it only updates self.head but fails to update self.macro_head, self.election_head, self.current_validators, or store the election header in the chain_store. This is in direct contrast with the full Blockchain::rebranch() at blockchain/src/blockchain/push.rs:504-518, which correctly updates all macro/election state when the new head is a macro block. After a rebranch to a macro block, the stale macro_head causes subsequent macro blocks pushed via push() to be verified against the wrong predecessor via verify_macro_successor(&this.macro_head). If the rebranch target was an election block, the stale current_validators causes every subsequent block to fail verify_validators(), completely stalling the light client's chain progression. This issue has been patched in version 1.4.0.

