573 matches found
CVE-2026-41585 ZEBRA: Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients
ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...
CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...
CVE-2026-41584
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...
CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...
EUVD-2026-28654
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...
CVE-2026-41584
ZEBRA (the Zebra node implementation for Zcash) is affected by CVE-2026-41584 due to the rk field in Orchard transactions. Prior to zebrad 4.3.1 and zebra-chain 6.0.2, an identity value for rk (the randomized validating key and elliptic-curve point) could trigger a panic in the orchard crate used...
CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...
CVE-2026-41583
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling (CVE-2026-41583). Zebra, a Rust-based Zcash node, failed after a refactor to validate sighash hash-type limits for V5 (NU5) and V4 transactions. This could allow Zebra to accept/mined blocks that zcashd would reject, causing a ...
CVE-2026-41583
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...
CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network...
zebra 安全漏洞
Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from excessive buffer sizes allocated for multiple inbound deserialization paths, which could allow attackers t...
zebra 安全漏洞
Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities; these vulnerabilities stemmed from the block verifier underestimating the number of transparent signature operations, which could lead to...
zebra 安全漏洞
Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.1 contained a security vulnerability. This vulnerability occurred when the rk field in Orchard transactions was set to an identity value, causing the Orchard crate to crash and...
zebra 安全漏洞
Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of sighash hash types for V5 transactions and the standard hash type used for V4 transactions, whi...
zebra 安全漏洞
Zebra is an open-source implementation of Zcash full node written in Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained a security vulnerability, which was caused by a combined denial-of-service vulnerability in the block discovery pipeline. This vulnerability could allow...
zebra 数据伪造问题漏洞
Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 had a data forgery vulnerability, which stemmed from insufficient error handling when sighash types were invalid, potentially leading to consensus splits...
zebra 安全漏洞
Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. There were security vulnerabilities in versions 2.2.0 to 4.3.1 of Zebra. These vulnerabilities stemmed from the JSON-RPC HTTP middleware disconnecting connections when the request body was not fully received,...
PT-2026-39149
Name of the Vulnerable Software and Affected Versions ZEBRA versions prior to 4.4.0 Description A composite denial-of-service issue in the block discovery pipeline allows an unauthenticated remote attacker to permanently stop all new block discovery on a targeted node. The attack leverages three...
Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs
Zebra Transparent SIGHASHSINGLE Corresponding-Output Handling Diverges From zcashd Summary For V5+ transparent spends, Zebra and zcashd disagree on the same consensus rule: SIGHASHSINGLE must fail when the input index has no corresponding output. zcashd treats this as consensus-invalid under...
GHSA-GQ4H-3GRW-2RHV Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer Summary The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash type ...