CVE-2026-34068: CWE-347: Improper Verification of Cryptographic Signature in nimiq nimiq-transaction
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts `UpdateValidator` transactions that set `new_voting_key=Some(...)` while omitting `new_proof_of_knowledge`. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block justification verification aggregates validator voting keys and verifies a single aggregated BLS signature against that aggregate public key, a rogue-key voting key in the validator set can allow an attacker to forge a quorum-looking justification while only producing a single signature. While the impact is critical, the exploitability is low: The voting keys are fixed for the epoch, so the attacker would need to know the next epoch validator set (chosen through VRF), which is unlikely. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.
AI Analysis
Technical Summary
The nimiq-transaction Rust implementation prior to version 1.3.0 contains a cryptographic signature verification flaw (CWE-347) in its staking contract. When processing UpdateValidator transactions, the contract accepts a new voting key without requiring the corresponding proof of knowledge, which is necessary to prevent BLS rogue-key attacks during aggregation of validator voting keys. Because Tendermint macro block justification verification aggregates these keys and verifies a single aggregated BLS signature, a rogue voting key can allow an attacker to forge a quorum justification with only one signature. The vulnerability is mitigated by fixing the contract logic in version 1.3.0. Exploitability is low due to the unpredictability of the next epoch validator set chosen via VRF.
Potential Impact
The vulnerability allows an attacker to forge a quorum-looking justification by exploiting the lack of proof-of-knowledge verification for new voting keys in the staking contract. This could undermine the integrity of the consensus process by enabling unauthorized validator signatures. However, the exploitability is low because the attacker must predict the next epoch validator set, which is selected through a secure VRF mechanism. There are no known exploits in the wild.
Mitigation Recommendations
Upgrade to nimiq-transaction version 1.3.0 or later, where this vulnerability is fixed. No official workarounds are available. Since the vendor has not provided a specific advisory or patch link, verify the upgrade path through official nimiq release channels to ensure the fix is applied.
CVE-2026-34068: CWE-347: Improper Verification of Cryptographic Signature in nimiq nimiq-transaction
Description
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts `UpdateValidator` transactions that set `new_voting_key=Some(...)` while omitting `new_proof_of_knowledge`. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block justification verification aggregates validator voting keys and verifies a single aggregated BLS signature against that aggregate public key, a rogue-key voting key in the validator set can allow an attacker to forge a quorum-looking justification while only producing a single signature. While the impact is critical, the exploitability is low: The voting keys are fixed for the epoch, so the attacker would need to know the next epoch validator set (chosen through VRF), which is unlikely. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The nimiq-transaction Rust implementation prior to version 1.3.0 contains a cryptographic signature verification flaw (CWE-347) in its staking contract. When processing UpdateValidator transactions, the contract accepts a new voting key without requiring the corresponding proof of knowledge, which is necessary to prevent BLS rogue-key attacks during aggregation of validator voting keys. Because Tendermint macro block justification verification aggregates these keys and verifies a single aggregated BLS signature, a rogue voting key can allow an attacker to forge a quorum justification with only one signature. The vulnerability is mitigated by fixing the contract logic in version 1.3.0. Exploitability is low due to the unpredictability of the next epoch validator set chosen via VRF.
Potential Impact
The vulnerability allows an attacker to forge a quorum-looking justification by exploiting the lack of proof-of-knowledge verification for new voting keys in the staking contract. This could undermine the integrity of the consensus process by enabling unauthorized validator signatures. However, the exploitability is low because the attacker must predict the next epoch validator set, which is selected through a secure VRF mechanism. There are no known exploits in the wild.
Mitigation Recommendations
Upgrade to nimiq-transaction version 1.3.0 or later, where this vulnerability is fixed. No official workarounds are available. Since the vendor has not provided a specific advisory or patch link, verify the upgrade path through official nimiq release channels to ensure the fix is applied.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-25T16:21:40.867Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e92c8e19fe3cd2cdeac9a7
Added to database: 4/22/2026, 8:16:14 PM
Last enriched: 4/22/2026, 8:31:04 PM
Last updated: 4/22/2026, 10:45:34 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.