CVE-2026-46539
MEDIUM 5.9 nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
Description
### Impact

A logic flaw in `BlockInclusionProof::is_block_proven` causes the function to return true without performing any cryptographic verification when `get_interlink_hops` yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election head's epoch. An attacker providing transaction inclusion proofs can forge a MacroBlock header for that epoch position and have it accepted as "proven" without any hash or signature verification.

### Patches

[The patch for this vulnerability](https://github.com/nimiq/core-rs-albatross/pull/3705) is formally released as part of [v1.4.0](https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0).

### Workarounds

No workarounds.

### Resources

See [PR](https://github.com/nimiq/core-rs-albatross/pull/3705).
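The flaw class described above, as an added Rust illustration that is not the nimiq codebase: a verifier that only checks links inside a loop is vacuously true for an empty hop list, while the corrected shape still compares the target against the head's commitment when there are zero hops. `Header`, `walk_hops` and the SipHash-based `hash_header` are simplified stand-ins, not the project's types or hash.

```rust
// Added illustration of the bug class in the advisory (not nimiq's code): an
// interlink-style inclusion proof is a list of hops linking a trusted election
// head back to a target block. A verifier that only checks hops inside a loop
// and returns true afterwards accepts an EMPTY hop list without checking anything.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// Simplified macro-block header: `prev_hash` commits to the hash of the
/// previous election block (the single interlink level modelled here).
#[derive(Clone, Debug, Hash, PartialEq, Eq)]
pub struct Header {
    pub block_number: u32,
    pub prev_hash: u64,
    pub state_root: u64,
}

/// Stand-in for the real block hash (assumption: SipHash via DefaultHasher).
pub fn hash_header(h: &Header) -> u64 {
    let mut s = DefaultHasher::new();
    h.hash(&mut s);
    s.finish()
}

/// Walk the hops from `head` towards the target, checking that each hop is the
/// block the previous one commits to. Returns the hash the last verified block
/// commits to, or None if any link fails.
fn walk_hops(head: &Header, hops: &[Header]) -> Option<u64> {
    let mut expected = head.prev_hash;
    for hop in hops {
        if hash_header(hop) != expected {
            return None;
        }
        expected = hop.prev_hash;
    }
    Some(expected)
}

/// Flawed shape: `target` is never compared to the chain, so an empty hop
/// list (target directly before the head's epoch) is "proven" vacuously.
pub fn is_block_proven_vulnerable(head: &Header, hops: &[Header], _target: &Header) -> bool {
    walk_hops(head, hops).is_some()
}

/// Fixed shape: the hash the final link commits to must equal hash(target),
/// which is enforced for zero hops exactly as for many.
pub fn is_block_proven_fixed(head: &Header, hops: &[Header], target: &Header) -> bool {
    walk_hops(head, hops) == Some(hash_header(target))
}
```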
Affected packages (1)
- crates.io/nimiq-primitives: from 0, <= 0.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (5)
- PATCH https://github.com/nimiq/core-rs-albatross
- WEB https://github.com/nimiq/core-rs-albatross/commit/cc5a1d54bbbffd1ea975bd2ee87d5f7b3b30bbf1
- WEB https://github.com/nimiq/core-rs-albatross/pull/3705
- WEB https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0
- WEB https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-799f-29jm-gr6c