A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in keys/src/multisig/mod.rs called .unwrap() on curve point decompression, which panics when a public key is
constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Ed25519PublicKey construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the
hosting process.
A secondary panic existed in Commitment::From<[u8; 32]>, which similarly called .unwrap() on a failing curve point decompression.
Who is affected: Browser and desktop wallet users of the web-client WASM library and the nimiq-wallet crate, when initiating a multisig operation with an attacker-supplied public key. An attacker must convince the user to include
a crafted public key in a multisig setup — this is not a remotely triggerable node/validator crash.
Who is NOT affected: Validator nodes, consensus, blockchain, mempool, and networking code. There is no on-chain multisig account type; multisig is a purely client-side construct, and no validator/consensus code calls the multisig delinearization path.
See PR.
No code-level workaround exists short of the patch. Users of wallet applications can mitigate exposure by only performing multisig operations with public keys received from trusted sources.
keys/src/multisig/mod.rs, keys/src/multisig/commitment.rs| Score | Percentile |
|---|---|
| 0.03% | 9.53% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 4.3 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-h9cc-w26m-j342 ↗ |
| CVE | CVE-2026-46542 ↗ |
| CWE id | Name |
|---|---|
| CWE-617 | Reachable Assertion |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| rust | nimiq-keys | < 1.4.0 | 1.4.0 | — |