nimiq CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM nimiq CVE published 2026-05-20

CVE-2026-40094

CVE-2026-40094 is a denial-of-service issue in Nimiq's Rust implementation where network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in the peer contact book. Because a PeerContact can legally contain an empty addresses list and no intrinsic validation enforces a non-empty list, later address-book construction can panic when it reaches an "every peer should hav [truncated]

HIGH nimiq CVE published 2026-05-20

CVE-2026-40092

CVE-2026-40092 is a denial-of-service vulnerability in Nimiq’s Rust blockchain implementation. In affected versions, a remote peer can send a crafted Kademlia DHT record that causes a full node to panic during signature verification, crashing the process. The issue is fixed in v1.4.0.