Description

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer opens/negotiate the discovery protocol substream a second time on the same connection, the handler hits a `panic!(\"Inbound already connected\")` / `panic!(\"Outbound already connected\")` path instead of failing closed. This causes a remote crash of the networking task (swarm), taking the node's p2p networking offline until restart. The patch for this vulnerability is formally released as part of v1.3.0. No known workarounds are available.

INFO

Published Date :

2026-04-22T19:40:26.837Z

Last Modified :

2026-04-23T13:54:06.421Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34063 vulnerability.

Vendors Products
Nimiq
  • Network-libp2p
  • Nimiq Proof-of-stake
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34063.

URL Resource
https://github.com/nimiq/core-rs-albatross/commit/e0d4e01994f061bf41d3c2835bc74040d3c084f5 cve-icon cve-icon
https://github.com/nimiq/core-rs-albatross/pull/3666 cve-icon cve-icon
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0 cve-icon cve-icon
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-74hp-mhfx-m45h cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact