Description

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because `Behaviour::new` also sets `with_max_concurrent_streams(1000)`, the node exposes a much larger stalled-slot budget than the library default. The patch for this vulnerability is formally released as part of v1.3.0. No known workarounds are available.

INFO

Published Date :

2026-04-22T19:23:36.838Z

Last Modified :

2026-04-23T12:57:42.075Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34062 vulnerability.

Vendors Products
Nimiq
  • Network-libp2p
  • Nimiq Proof-of-stake
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34062.

URL Resource
https://github.com/nimiq/core-rs-albatross/commit/c021a5337b808c73571b44999f9753051bac7508 cve-icon cve-icon
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0 cve-icon cve-icon
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gh7r-qh4p-q4fr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact