PatchSiren cyber security CVE debrief
CVE-2026-46545 nimiq CVE debrief
CVE-2026-46545 is a high-severity remote denial-of-service vulnerability in the Nimiq Proof-of-Stake protocol. A remote, unauthenticated attacker can exploit a vulnerability in MerkleRadixTrie::put_chunk to crash any node performing state synchronization. This issue was patched in version 1.5.0.
- Vendor: nimiq
- Product: core-rs-albatross
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Users of the Nimiq Proof-of-Stake protocol, specifically those running versions prior to 1.5.0, should apply the patch to prevent exploitation.
Technical summary
The vulnerability, tracked as CVE-2026-46545, affects the Nimiq Proof-of-Stake protocol, which is based on the Albatross consensus algorithm. A remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization. The CVSS score for this vulnerability is 7.5, indicating high severity.
Defensive priority
High
Recommended defensive actions
- Apply the patch by updating to version 1.5.0 or later.
- Review and implement security best practices for node synchronization and authentication.
Evidence notes
The vulnerability was patched in version 1.5.0.
Official resources
CVE-2026-46545 was published on 2026-06-10T00:16:54.770Z and modified on 2026-06-10T19:37:41.437Z.