CVE-2026-33471: CWE-20: Improper Input Validation in nimiq nimiq-block
CVE-2026-33471 is a critical vulnerability in the nimiq-block Rust implementation prior to version 1. 3. 0. It involves improper input validation in the SkipBlockProof::verify function, where out-of-range signer indices can be exploited to bypass quorum checks. This allows a malicious validator with fewer than the required number of signer slots to pass verification by manipulating signature aggregation. The vulnerability has a CVSS score of 9. 6, indicating high impact on integrity and availability. A patch fixing this issue was included in version 1. 3. 0.
AI Analysis
Technical Summary
The vulnerability in nimiq-block versions before 1.3.0 arises from improper input validation in the SkipBlockProof::verify method. The method calculates quorum using BitSet.len() and casts usize indices to u16 for slot lookup. Attackers can supply MultiSignature.signers with out-of-range indices spaced by 65536, inflating the length count but causing collisions on the same u16 slot during aggregation. This flaw enables a malicious validator to appear as if it has the required 2f+1 signer slots by effectively multiplying a single BLS signature, thus bypassing the quorum check. The issue is fixed in nimiq-block v1.3.0. No mitigations other than upgrading are known.
Potential Impact
This vulnerability allows an attacker controlling a malicious validator to bypass the quorum verification in skip block proofs, potentially compromising the integrity of the consensus process. It does not affect confidentiality but can lead to invalid blocks being accepted, impacting system availability and trustworthiness. The CVSS 3.1 score of 9.6 reflects critical severity with network attack vector, low attack complexity, and partial privileges required.
Mitigation Recommendations
Upgrade to nimiq-block version 1.3.0 or later, which includes the official fix for this vulnerability. No other workarounds or mitigations are available. Users should apply this patch promptly to prevent exploitation.
CVE-2026-33471: CWE-20: Improper Input Validation in nimiq nimiq-block
Description
CVE-2026-33471 is a critical vulnerability in the nimiq-block Rust implementation prior to version 1. 3. 0. It involves improper input validation in the SkipBlockProof::verify function, where out-of-range signer indices can be exploited to bypass quorum checks. This allows a malicious validator with fewer than the required number of signer slots to pass verification by manipulating signature aggregation. The vulnerability has a CVSS score of 9. 6, indicating high impact on integrity and availability. A patch fixing this issue was included in version 1. 3. 0.
CVSS v3.1
Score 9.6critical
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in nimiq-block versions before 1.3.0 arises from improper input validation in the SkipBlockProof::verify method. The method calculates quorum using BitSet.len() and casts usize indices to u16 for slot lookup. Attackers can supply MultiSignature.signers with out-of-range indices spaced by 65536, inflating the length count but causing collisions on the same u16 slot during aggregation. This flaw enables a malicious validator to appear as if it has the required 2f+1 signer slots by effectively multiplying a single BLS signature, thus bypassing the quorum check. The issue is fixed in nimiq-block v1.3.0. No mitigations other than upgrading are known.
Potential Impact
This vulnerability allows an attacker controlling a malicious validator to bypass the quorum verification in skip block proofs, potentially compromising the integrity of the consensus process. It does not affect confidentiality but can lead to invalid blocks being accepted, impacting system availability and trustworthiness. The CVSS 3.1 score of 9.6 reflects critical severity with network attack vector, low attack complexity, and partial privileges required.
Mitigation Recommendations
Upgrade to nimiq-block version 1.3.0 or later, which includes the official fix for this vulnerability. No other workarounds or mitigations are available. Users should apply this patch promptly to prevent exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-20T16:16:48.969Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e921fb19fe3cd2cde59f65
Added to database: 4/22/2026, 7:31:07 PM
Last enriched: 4/30/2026, 8:12:57 AM
Last updated: 6/5/2026, 4:58:26 PM
Views: 96
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.