CVE-2026-34062

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L                                    

Vulnerability Description

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because `Behaviour::new` also sets `with_max_concurrent_streams(1000)`, the node exposes a much larger stalled-slot budget than the library default. The patch for this vulnerability is formally released as part of v1.3.0. No known workarounds are available.

Vulnerability Details

Published Date

April 22, 2026

Last Modified

April 22, 2026

CWE ID

CWE-770

Source

NVD

Vendor

nimiq

Product

network-libp2p

External References

https://github.com/nimiq/core-rs-albatross/commit/c021a5337b808c73571b44999f9753051bac7508
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gh7r-qh4p-q4fr

CVE-2026-34062

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment