CVE-2026-44499

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

EUVD-2026-28801

Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning...

CVE-2026-44499

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

CVE-2026-44499

ZEBRA (Zcash node, Rust) before 4.4.0 contains a composite DoS in the block discovery pipeline. An unauthenticated remote attacker can, via a single TCP connection, exploit three independent weaknesses in the gossip, syncer, and download subsystems to create a monotonically growing block deficit ...

CVE-2026-44499 ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

PT-2026-39149

Name of the Vulnerable Software and Affected Versions ZEBRA versions prior to 4.4.0 Description A composite denial-of-service issue in the block discovery pipeline allows an unauthenticated remote attacker to permanently stop all new block discovery on a targeted node. The attack leverages three...