CVE-2026-40092: CWE-252: Unchecked Return Value in nimiq core-rs-albatross
A vulnerability in nimiq core-rs-albatross versions 1. 3. 0 and below allows a malicious network peer to crash a Nimiq full node by sending a crafted Kademlia DHT record with an invalid Ed25519 signature length. This causes a panic due to unchecked return values in signature verification. The issue is fixed in version 1. 4. 0.
AI Analysis
Technical Summary
The vulnerability (CVE-2026-40092) exists in the nimiq-blockchain's Rust implementation core-rs-albatross, specifically in versions prior to 1.4.0. A malicious peer can send a Kademlia DHT record containing a TaggedSigned<ValidatorRecord, KeyPair> with an Ed25519 signature field whose byte length is not exactly 64 bytes. When the node attempts to verify this signature, the Ed25519Signature::from_bytes(sig).unwrap() call panics because the underlying ed25519_zebra::Signature::try_from rejects invalid-length slices. This unchecked unwrap leads to a denial-of-service crash of the full node. The BLS signature verification path does not panic, only the Ed25519 implementation is affected. The issue has been addressed in version 1.4.0.
Potential Impact
Exploitation of this vulnerability results in a denial-of-service condition by crashing any Nimiq full node that processes the maliciously crafted DHT record. There is no impact on confidentiality or integrity, only availability is affected. No known exploits in the wild have been reported.
Mitigation Recommendations
Upgrade to nimiq core-rs-albatross version 1.4.0 or later, where this issue has been fixed. Patch status is not explicitly stated in the vendor advisory, but the fix is included in version 1.4.0. Until upgraded, nodes remain vulnerable to denial-of-service via crafted DHT records.
CVE-2026-40092: CWE-252: Unchecked Return Value in nimiq core-rs-albatross
Description
A vulnerability in nimiq core-rs-albatross versions 1. 3. 0 and below allows a malicious network peer to crash a Nimiq full node by sending a crafted Kademlia DHT record with an invalid Ed25519 signature length. This causes a panic due to unchecked return values in signature verification. The issue is fixed in version 1. 4. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability (CVE-2026-40092) exists in the nimiq-blockchain's Rust implementation core-rs-albatross, specifically in versions prior to 1.4.0. A malicious peer can send a Kademlia DHT record containing a TaggedSigned<ValidatorRecord, KeyPair> with an Ed25519 signature field whose byte length is not exactly 64 bytes. When the node attempts to verify this signature, the Ed25519Signature::from_bytes(sig).unwrap() call panics because the underlying ed25519_zebra::Signature::try_from rejects invalid-length slices. This unchecked unwrap leads to a denial-of-service crash of the full node. The BLS signature verification path does not panic, only the Ed25519 implementation is affected. The issue has been addressed in version 1.4.0.
Potential Impact
Exploitation of this vulnerability results in a denial-of-service condition by crashing any Nimiq full node that processes the maliciously crafted DHT record. There is no impact on confidentiality or integrity, only availability is affected. No known exploits in the wild have been reported.
Mitigation Recommendations
Upgrade to nimiq core-rs-albatross version 1.4.0 or later, where this issue has been fixed. Patch status is not explicitly stated in the vendor advisory, but the fix is included in version 1.4.0. Until upgraded, nodes remain vulnerable to denial-of-service via crafted DHT records.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-09T00:39:12.206Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0eee5b7b8e1438d0bb6cda
Added to database: 5/21/2026, 11:36:59 AM
Last enriched: 5/21/2026, 11:37:46 AM
Last updated: 5/21/2026, 11:37:56 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.