PT-2026-34546 · Unknown · Nimiq-Primitives

Published

2026-04-22

Updated

2026-04-23

CVE-2026-34065

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions nimiq-primitives versions prior to 1.3.0

Description An untrusted p2p peer can cause a node to panic by announcing an election macro block where the validators set contains an invalid compressed BLS voting key. This occurs because hashing an election macro header processes validators and triggers the Validators::voting keys() function, which subsequently calls validator.voting key.uncompress().unwrap(). The process panics when it encounters invalid bytes.

Recommendations Update to version 1.3.0.

Fix

Improper Handling of Exceptional Conditions

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755CWE-252

Related Identifiers

CVE-2026-34065

GHSA-7C4J-2M43-2MGH

Affected Products

Nimiq-Primitives

PT-2026-34546 · Unknown · Nimiq-Primitives

CVE-2026-34065

Weakness Enumeration

Related Identifiers

Affected Products

References · 8