CVE-2026-46542 Overview
CVE-2026-46542 is a denial-of-service vulnerability in Nimiq, a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The flaw resides in the Ed25519 multisig delinearization code path. The Ed25519PublicKey::delinearize() function in keys/src/multisig/mod.rs calls .unwrap() on curve point decompression. This panics when a public key is constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Because Ed25519PublicKey construction validates only byte length and not curve membership, attacker-supplied invalid keys reach the delinearization path and crash the hosting process. The issue is patched in version 1.4.0 and is tracked under [CWE-617] (Reachable Assertion).
Critical Impact
A remote attacker can submit a malformed 32-byte public key that triggers an unhandled panic, crashing the Nimiq node process and disrupting protocol participation.
Affected Products
- Nimiq core-rs-albatross prior to version 1.4.0
- Nodes running the Nimiq Proof-of-Stake protocol on the Albatross consensus algorithm
- Any Rust application embedding the affected multisig module
Discovery Timeline
- 2026-06-10 - CVE-2026-46542 published to NVD
- 2026-06-10 - Last updated in NVD database
Technical Details for CVE-2026-46542
Vulnerability Analysis
The defect is a reachable panic in cryptographic input handling. The Nimiq multisig implementation constructs an Ed25519PublicKey by validating only the 32-byte length of the input. It defers actual curve-point validation until the key is used during delinearization, the process that combines multiple public keys for multisignature operations.
When Ed25519PublicKey::delinearize() attempts to decompress the encoded point, it invokes .unwrap() on a Result that returns an error for non-curve points. The unwrap converts the error into a process-terminating panic. Because input validation is incomplete at the construction boundary, untrusted bytes propagate into a code path that assumes well-formed input.
Root Cause
The root cause is missing curve-membership validation combined with the use of .unwrap() on a fallible cryptographic operation. Rust's .unwrap() is appropriate only when failure is impossible. Here, failure depends entirely on attacker-controlled bytes, so the assumption is invalid and the panic is reachable.
Attack Vector
An attacker submits a 32-byte payload that passes length validation but encodes a value not on the Ed25519 curve. When the node processes a multisig operation referencing the malformed key, delinearize() panics and the process terminates. The attack requires network reachability and minimal complexity. It does not require authentication, but the CVSS vector indicates user interaction is needed to trigger the vulnerable code path. Impact is limited to availability of the hosting process.
No verified proof-of-concept code is publicly available. For technical details, see the GitHub Security Advisory GHSA-h9cc-w26m-j342 and the GitHub Pull Request Discussion.
Detection Methods for CVE-2026-46542
Indicators of Compromise
- Unexpected termination of Nimiq node processes with panic messages referencing delinearize or Ed25519 decompression
- Stack traces pointing to keys/src/multisig/mod.rs in process crash logs
- Repeated node restarts correlated with inbound multisig-related network traffic
Detection Strategies
- Monitor process supervisor logs for repeated panics originating in the multisig module
- Inspect peer messages for 32-byte public key payloads that fail Ed25519 curve validation when replayed in a controlled environment
- Correlate sudden node unavailability across the network with shared peer sources to identify malicious actors
Monitoring Recommendations
- Alert on Nimiq process exit codes consistent with Rust panics
- Track node uptime and restart frequency as a signal of exploitation attempts
- Capture stderr from node processes to retain panic backtraces for forensic review
How to Mitigate CVE-2026-46542
Immediate Actions Required
- Upgrade all Nimiq nodes to version 1.4.0 or later without delay
- Restart any node services after applying the patched binary to ensure the vulnerable code path is no longer loaded
- Audit downstream Rust applications that depend on the affected keys crate and update them to consume the fixed version
Patch Information
The vulnerability is fixed in Nimiq core-rs-albatross version 1.4.0. The patch adds curve-membership validation so invalid Ed25519 encodings are rejected before reaching delinearize(), and it replaces the unconditional .unwrap() with explicit error handling. Refer to the GitHub Release v1.4.0 for the official release notes.
Workarounds
- No official workaround is published; upgrading to version 1.4.0 is the supported remediation
- Where immediate patching is not feasible, restrict node exposure by limiting peer connectivity to trusted networks
- Run node processes under a supervisor that automatically restarts on panic to reduce downtime until the patch is deployed
# Update to the patched version using cargo
cargo update -p nimiq --precise 1.4.0
# Verify the installed version
cargo pkgid nimiq
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
