CVE Catalog

CVE-2026-46545

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

Nimiq is a Rust implementation of the Proof-of-Stake protocol that prior to version 1.5.0 had a remote, unauthenticated denial-of-service vulnerability in the MerkleRadixTrie::put_chunk method. An attacker could crash any state-sync node.

Risk Assessment

This vulnerability could lead to disruption of node operations in the network, affecting service availability and the overall stability of the system. Newly joining nodes and recovering nodes are particularly at risk.

Recommendation

It is recommended to upgrade to version 1.5.0 or later to eliminate this vulnerability and secure nodes against potential attacks.

Original NVD description (English source)

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes). This issue has been patched in version 1.5.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS