Nimiq Blockchain Kademlia DHT Record Vulnerability Causes Node Crash

Vulnerability

A denial-of-service vulnerability has been identified in the Nimiq Blockchain Rust implementation, in versions through 1.3.0. A malicious network peer can publish a crafted Kademlia DHT record containing a TaggedSigned<ValidatorRecord, KeyPair> with an improperly sized signature. When the victim node's DHT verifier attempts to validate the signature of this malformed record, it panics and the node crashes. The vulnerability has been patched in version 1.4.0.
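
The failure class described above, as an added Rust example that is not Nimiq's code: a verifier that copies a peer-supplied signature into a fixed-size array panics on a wrong length, while a fallible conversion rejects the record with an error. SignedRecord, VerifyError, check_sig, the 64-byte length and the copy_from_slice panic site are assumptions made for illustration.

```rust
use std::convert::TryFrom;

/// Assumed signature size for this example (not taken from the Nimiq code base).
const SIG_LEN: usize = 64;

/// Hypothetical stand-in for a signed DHT record received from a peer.
pub struct SignedRecord {
    pub payload: Vec<u8>,
    pub signature: Vec<u8>, // length is chosen by the remote peer
}

#[derive(Debug, PartialEq)]
pub enum VerifyError {
    BadSignatureLength { expected: usize, got: usize },
    BadSignature,
}

/// Placeholder for real signature verification, constructed for this example:
/// the XOR of all payload bytes must equal the first signature byte.
fn check_sig(payload: &[u8], sig: &[u8; SIG_LEN]) -> bool {
    payload.iter().fold(0u8, |acc, b| acc ^ b) == sig[0]
}

/// Panicking pattern: copy_from_slice panics when the lengths differ.
pub fn verify_unchecked(rec: &SignedRecord) -> bool {
    let mut sig = [0u8; SIG_LEN];
    sig.copy_from_slice(&rec.signature);
    check_sig(&rec.payload, &sig)
}

/// Hardened pattern: fallible conversion; a malformed record becomes an error.
pub fn verify_checked(rec: &SignedRecord) -> Result<(), VerifyError> {
    let sig = <[u8; SIG_LEN]>::try_from(rec.signature.as_slice()).map_err(|_| {
        VerifyError::BadSignatureLength { expected: SIG_LEN, got: rec.signature.len() }
    })?;
    if check_sig(&rec.payload, &sig) { Ok(()) } else { Err(VerifyError::BadSignature) }
}

fn main() {
    // Constructed sample: a record whose signature is 10 bytes instead of 64.
    let short = SignedRecord { payload: b"validator".to_vec(), signature: vec![0u8; 10] };
    println!("checked:   {:?}", verify_checked(&short));
    let panicked = std::panic::catch_unwind(|| verify_unchecked(&short)).is_err();
    println!("unchecked: panicked = {}", panicked);
}
```

In code that handles peer-supplied records, the same review applies to any unwrap, expect, indexing or slice copy whose success depends on a length the peer controls.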

Impact

Exploitation of this vulnerability causes a panic in the affected node, leading to a crash.

Remediation

Users can upgrade to Nimiq Blockchain version 1.4.0 to address this vulnerability.

Added: May 20, 2026, 10:24 PM
Updated: May 20, 2026, 10:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 8.9
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.