Timestamp Manipulation Vulnerability in Nimiq's Rust Blockchain Implementation
CVE-2026-40093

8.1 HIGH

Key Information:

Vendor: Nimiq
CVE Published: 9 April 2026

What is CVE-2026-40093?

In the Nimiq blockchain's Rust implementation, block timestamp validation does not correctly enforce timestamp constraints: there is no bounds check against the system clock, so a malicious validator can produce blocks with arbitrary future timestamps. This compromises the integrity of reward calculations and can inflate the monetary supply by bypassing the intended emission schedule, which affects the blockchain's economic model.
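
An added example, not code from core-rs-albatross or from this advisory: a simplified Rust model of the flaw class described above, showing a timestamp check with no system-clock bound beside one that has it. The drift tolerance, the linear emission schedule and all function names are assumptions made for illustration.

```rust
// Added illustration; NOT code from core-rs-albatross. All names and constants are hypothetical.

/// Hypothetical tolerance for clock skew between nodes, in milliseconds.
const MAX_FUTURE_DRIFT_MS: u64 = 10_000;
/// Toy emission schedule: supply unlocked per millisecond of chain time.
const EMISSION_PER_MS: u64 = 5;

#[derive(Debug, PartialEq)]
enum TimestampError {
    BeforeParent,
    TooFarInFuture,
}

/// Flawed check: only the lower bound (not earlier than the parent) is enforced.
fn validate_lower_bound_only(parent_ts: u64, block_ts: u64) -> Result<(), TimestampError> {
    if block_ts < parent_ts {
        return Err(TimestampError::BeforeParent);
    }
    Ok(())
}

/// Hardened check: additionally bound the timestamp by the verifier's own clock.
fn validate_with_clock_bound(parent_ts: u64, block_ts: u64, now_ms: u64) -> Result<(), TimestampError> {
    validate_lower_bound_only(parent_ts, block_ts)?;
    if block_ts > now_ms.saturating_add(MAX_FUTURE_DRIFT_MS) {
        return Err(TimestampError::TooFarInFuture);
    }
    Ok(())
}

/// Toy reward: the supply the schedule releases between parent and block timestamps.
fn reward_for_block(parent_ts: u64, block_ts: u64) -> u64 {
    block_ts.saturating_sub(parent_ts).saturating_mul(EMISSION_PER_MS)
}

fn main() {
    // Constructed values: parent is 1 s before "now"; the skewed block claims one day ahead.
    let (now, parent) = (1_700_000_001_000u64, 1_700_000_000_000u64);
    let skewed = now + 86_400_000;
    println!("honest reward: {}", reward_for_block(parent, now));
    println!("skewed reward: {}", reward_for_block(parent, skewed));
    println!("lower-bound-only: {:?}", validate_lower_bound_only(parent, skewed));
    println!("clock-bounded:    {:?}", validate_with_clock_bound(parent, skewed, now));
}
```

In this model the skewed block passes the lower-bound-only check and claims a day's worth of emission, while the clock-bounded check rejects it before any reward is computed.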

Affected Version(s)

core-rs-albatross <= 1.3.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
