Description

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via Policy::supply_at() and batch_delay() in blockchain/src/reward.rs, inflating the monetary supply beyond the intended emission schedule.

INFO

Published Date :

2026-04-09T20:29:46.026Z

Last Modified :

2026-04-09T20:29:46.026Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40093 vulnerability.

Vendors Products
Nimiq
  • Core-rs-albatross
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40093.

URL Resource
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-49xc-52mp-cc9j cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact