Critical Nimiq Block Vulnerability: SkipBlockProof Bypass
The National Vulnerability Database (NVD) has detailed CVE-2026-33471, a critical vulnerability (CVSS 9.6) in nimiq-block, a component used in Nimiq’s Rust implementation. This flaw, present prior to version 1.3.0, allows a malicious validator to bypass SkipBlockProof::verify checks. The issue stems from how SkipBlockProof::verify computes its quorum using BitSet.len() and then casts usize indices to u16 for slot lookups.
An attacker can exploit this by crafting a SkipBlockProof where MultiSignature.signers contains out-of-range indices. These indices inflate the len() count but collide onto the same in-range u16 slot during aggregation due to the u16 cast. This effectively allows a malicious validator with significantly fewer than the required 2f+1 real signer slots to pass verification by multiplying a single BLS signature. The NVD notes that no workarounds are available, emphasizing the need for a direct patch.
For defenders, this is a severe integrity bypass. If you’re running Nimiq’s Rust implementation, particularly any system relying on nimiq-block for consensus or block validation, you are directly exposed. This isn’t just a theoretical bug; it represents a fundamental breakdown of trust in the validation process, potentially allowing unauthorized actors to manipulate block proofs. Patching to v1.3.0 or later is the only confirmed mitigation.
What This Means For You
- If your organization uses Nimiq's Rust implementation, specifically any version of `nimiq-block` prior to 1.3.0, you are vulnerable to a critical integrity bypass. Immediately upgrade to version 1.3.0 or newer to patch CVE-2026-33471. There are no known workarounds, so patching is non-negotiable.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Nimiq SkipBlockProof Verification with Out-of-Range Indices - CVE-2026-33471
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33471 | Cryptographic Failure | nimiq-block prior to version 1.3.0 |
| CVE-2026-33471 | Auth Bypass | nimiq-block `SkipBlockProof::verify` function |
| CVE-2026-33471 | Auth Bypass | nimiq-block `MultiSignature.signers` with out-of-range indices spaced by 65536 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 22, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
WeKan SSRF Vulnerability: Internal Network Exposure Risk
CVE-2026-41455 — WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol...
Wekan API Flaw Grants Board Members Admin Powers
CVE-2026-41454 — WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without...
CVE-2026-41177 — Server-Side Request Forgery
CVE-2026-41177 — Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable...