CVE-2026-46542: nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
(updated )
A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in keys/src/multisig/mod.rs called .unwrap() on curve point decompression, which panics when a public key is
constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Ed25519PublicKey construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the
hosting process.
A secondary panic existed in Commitment::From<[u8; 32]>, which similarly called .unwrap() on a failing curve point decompression.
Who is affected: Browser and desktop wallet users of the web-client WASM library and the nimiq-wallet crate, when initiating a multisig operation with an attacker-supplied public key. An attacker must convince the user to include
a crafted public key in a multisig setup — this is not a remotely triggerable node/validator crash.
Who is NOT affected: Validator nodes, consensus, blockchain, mempool, and networking code. There is no on-chain multisig account type; multisig is a purely client-side construct, and no validator/consensus code calls the multisig delinearization path.
References
- github.com/advisories/GHSA-h9cc-w26m-j342
- github.com/nimiq/core-rs-albatross/commit/3bc449a8138960c4de6bfd506bad1730c621d4de
- github.com/nimiq/core-rs-albatross/pull/3713
- github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0
- github.com/nimiq/core-rs-albatross/security/advisories/GHSA-h9cc-w26m-j342
- nvd.nist.gov/vuln/detail/CVE-2026-46542
Code Behaviors & Features
Detect and mitigate CVE-2026-46542 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →