PT-2026-42669 · Crates.Io · Nimiq-Primitives

Published: 2026-05-21 · Updated: 2026-05-21 · CVE-2026-46539

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact

A logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election head's epoch. An attacker providing transaction inclusion proofs can forge a MacroBlock header for that epoch position and have it accepted as "proven" without any hash or signature verification.
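The empty-hop-list case described above, shown as an added, simplified model that is neither Nimiq's code nor the actual patch. The Header type, the toy digest and all function names are hypothetical; the model assumes each election block commits to the hash of the previous election block.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Hypothetical, simplified election-block header (not Nimiq's MacroBlock).
#[derive(Hash, Clone)]
struct Header { epoch: u32, parent_election: u64, body: &'static str }

// Toy digest standing in for the real cryptographic block hash.
fn digest(h: &Header) -> u64 {
    let mut s = DefaultHasher::new();
    h.hash(&mut s);
    s.finish()
}

// Walk from the trusted head back through the hops; each hop must be the
// block its successor commits to. Returns the last verified block.
fn walk<'a>(head: &'a Header, hops: &'a [Header]) -> Option<&'a Header> {
    hops.iter().try_fold(head, |prev, hop| {
        (digest(hop) == prev.parent_election).then_some(hop)
    })
}

// Flawed shape: the target is only compared against the last hop, so an
// empty hop list returns true with no check at all.
fn is_proven_flawed(head: &Header, hops: &[Header], target: &Header) -> bool {
    if walk(head, hops).is_none() { return false; }
    hops.last().map_or(true, |last| digest(target) == last.parent_election)
}

// Hardened shape: the target is always bound to the last verified block,
// which is the trusted head itself when there are no hops.
fn is_proven_hardened(head: &Header, hops: &[Header], target: &Header) -> bool {
    walk(head, hops).map_or(false, |last| digest(target) == last.parent_election)
}

// Constructed sample chain: e0 <- e1 <- head, plus a forged copy of e1.
fn sample() -> (Header, Header, Header, Header) {
    let e0 = Header { epoch: 0, parent_election: 0, body: "genesis" };
    let e1 = Header { epoch: 1, parent_election: digest(&e0), body: "real" };
    let head = Header { epoch: 2, parent_election: digest(&e1), body: "head" };
    let forged = Header { body: "forged", ..e1.clone() };
    (e0, e1, head, forged)
}

fn main() {
    let (_e0, _e1, head, forged) = sample();
    println!("flawed accepts forged:   {}", is_proven_flawed(&head, &[], &forged));
    println!("hardened accepts forged: {}", is_proven_hardened(&head, &[], &forged));
}
```

A regression test for this class of bug should always include the zero-hop case, since a verification loop that never runs is indistinguishable from one that passed.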

Patches

The patch for this vulnerability is formally released as part of v1.4.0.

Workarounds

No Workarounds

Resources

See PR.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2026-46539
GHSA-799F-29JM-GR6C

Affected Products

Nimiq-Primitives