The vulnerability (CVE-2026-34068) in nimiq-transaction affects versions prior to 1.3.0 and involves improper verification of cryptographic signatures (CWE-347). The staking contract's UpdateValidator transactions can set a new voting key without requiring the proof of knowledge, which is necessary to prevent BLS rogue-key attacks when validator voting keys are aggregated. Tendermint macro block justification verification aggregates validator voting keys and verifies a single aggregated BLS signature. A rogue-key voting key in the validator set could allow an attacker to forge a quorum-looking justification with only one signature. However, exploitability is low because the attacker must predict the next epoch validator set, which is selected via a verifiable random function (VRF). The vulnerability is fixed in nimiq-transaction version 1.3.0. No known workarounds exist.

This vulnerability allows an attacker to bypass the proof-of-knowledge requirement for new voting keys, enabling a BLS rogue-key attack that could forge a quorum-looking justification with a single signature. This compromises the integrity of validator voting in the Nimiq blockchain staking contract. While the impact on integrity is high, the likelihood of exploitation is low due to the unpredictability of the next epoch validator set. There is no impact on confidentiality or availability reported.

A fix for this vulnerability is included in nimiq-transaction version 1.3.0. Users should upgrade to version 1.3.0 or later to remediate this issue. No known workarounds are available. Patch status is not explicitly confirmed in the vendor advisory beyond the mention of inclusion in v1.3.0, so users should verify upgrade availability and apply the official update.