CVE Catalog

CVE-2026-46541

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

In versions prior to 1.4.0 of Nimiq, in the handle_dht_get() function, the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails (from a malicious DHT node), DhtResults is never created, and all subsequent valid records are discarded with 'DHT inconsistent state' errors.

Risk Assessment

Organizations may be at risk of losing important DHT data, which can lead to issues with the integrity and availability of information in the system. Malicious nodes may exploit this vulnerability to disrupt network operations.

Recommendation

It is recommended to upgrade to version 1.4.0 or later to patch this vulnerability and ensure the proper functioning of the DhtResults accumulator.

Original NVD description (English source)

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails (from a malicious DHT node), DhtResults is never created, and all subsequent valid records are discarded with "DHT inconsistent state" errors. This issue has been patched in version 1.4.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS