PT-2026-34554 · Unknown · Nimiq-Transaction

Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-34067

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

nimiq-transaction versions prior to 1.3.0

Description

The HistoryTreeProof::verify() function panics when it processes a malformed proof in which history.len() does not equal positions.len(), because an assert_eq! check enforces that equality. Because the proof object is derived from untrusted p2p responses via ResponseTransactionsProof.proof, it is attacker-controlled at the network boundary. A malicious peer can trigger a system crash by providing a crafted inclusion proof with a length mismatch.

Recommendations

Update to version 1.3.0.
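
The pattern described above, as an added Rust example that is not nimiq-transaction's code: an assertion used to validate peer-supplied lengths, beside a variant that returns an error the caller can handle. ProofModel, ProofError, the two verify functions and panics_on are hypothetical names, and the real Merkle verification is replaced by a simple bounds check.

```rust
// Simplified model of the pattern in the advisory; NOT nimiq-transaction code.
// All type and function names here are hypothetical.
use std::panic;

#[derive(Debug, PartialEq)]
pub enum ProofError {
    LengthMismatch { history: usize, positions: usize },
}

/// Stand-in for a proof deserialized from an untrusted peer response.
pub struct ProofModel {
    pub history: Vec<u64>,     // constructed stand-in for history items
    pub positions: Vec<usize>, // leaf position claimed for each item
}

impl ProofModel {
    /// Assertion-based shape: malformed input aborts the calling thread.
    pub fn verify_panicking(&self, leaf_count: usize) -> bool {
        assert_eq!(self.history.len(), self.positions.len());
        // Placeholder for the real proof check (assumption).
        self.positions.iter().all(|&p| p < leaf_count)
    }

    /// Hardened shape: the mismatch becomes a recoverable error.
    pub fn verify_checked(&self, leaf_count: usize) -> Result<bool, ProofError> {
        if self.history.len() != self.positions.len() {
            return Err(ProofError::LengthMismatch {
                history: self.history.len(),
                positions: self.positions.len(),
            });
        }
        Ok(self.positions.iter().all(|&p| p < leaf_count))
    }
}

/// Returns true if the assertion-based variant panics on this proof.
pub fn panics_on(proof: &ProofModel, leaf_count: usize) -> bool {
    panic::catch_unwind(|| proof.verify_panicking(leaf_count)).is_err()
}

fn main() {
    // Constructed malformed proof: two history items, one position.
    let bad = ProofModel { history: vec![10, 20], positions: vec![0] };
    println!("assert variant panics: {}", panics_on(&bad, 4));
    println!("checked variant: {:?}", bad.verify_checked(4));
}
```

With the checked variant the caller can reject the response and penalize or disconnect the peer instead of unwinding.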

Fix

Assertion Failure


Weakness Enumeration

Related Identifiers

CVE-2026-34067
GHSA-264V-M8FM-76JM

Affected Products

Nimiq-Transaction