Interlink Binding Flaw in Nimiq Core by Nimiq
CVE-2026-34061

4.9MEDIUM

Key Information:

Vendor

Nimiq

Status
Core-rs-albatross
Vendor
CVE Published:
3 April 2026

What is CVE-2026-34061?

A critical issue has been identified in the Nimiq Core software, which implements the Nimiq Proof-of-Stake protocol. Prior to version 1.3.0, a security flaw allowed an elected validator proposer to send an election macro block with a header interlink that did not align with the canonical next interlink. Despite passing initial validation checks based on header shape and proposer credentials, the malformed block was ultimately rejected post-voting when the integrity check failed. This sequence of events exposed validators to risks of accepting invalid proposals, potentially compromising the network's consensus. The issue was addressed in version 1.3.0, ensuring that block proposals undergo a thorough interlink binding check.

Affected Version(s)

core-rs-albatross < 1.3.0

References

https://github.com/nimiq/core-rs-albatross/security/advis...
x_refsource_CONFIRM
https://github.com/nimiq/core-rs-albatross/pull/3668
x_refsource_MISC
https://github.com/nimiq/core-rs-albatross/commit/9d7d17c...
x_refsource_MISC

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.