What is CVE-2026-34066?

CVE-2026-34066 is a medium-severity vulnerability in Nimiq Nimiq-blockchain, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2026-04-22.

How severe is CVE-2026-34066?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Improper input validation in Nimiq Nimiq-blockchain

CVE-2026-34066

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (31.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H.

Affected products

Nimiq Nimiq-blockchain — versions < 1.3.0

Weakness classification (CWE)

References

https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-j99g-7rqw-q9jg (x_refsource_CONFIRM)
https://github.com/nimiq/core-rs-albatross/pull/3656 (x_refsource_MISC)
https://github.com/nimiq/core-rs-albatross/commit/6f5511309c199d84b012fe6b9aba7e5582892c50 (x_refsource_MISC)
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-34066?: CVE-2026-34066 is a medium-severity vulnerability in Nimiq Nimiq-blockchain, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2026-04-22.
How severe is CVE-2026-34066?: Medium severity. CVSS v3 base score is 5.3 out of 10.