Zebra CVE-2026-40880
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionGitHub Advisory
CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks
Summary
A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid for H+2 and then mining that transaction in a block at height H+2, a miner could cause vulnerable Zebra nodes to accept an invalid block, leading to a consensus split from the rest of the Zcash network.
Severity
High - This is a Consensus Vulnerability that could allow a malicious miner to induce network partitioning, service disruption, and potential double-spend attacks against affected nodes.
Affected Versions
All Zebra versions prior to version 4.3.1. (Some older versions are not affected but are no longer supported by the network)
Description
The vulnerability exists due to a performance optimization whose goal is to improve performance of transaction validation if the transaction was previously accepted into the mempool (and thus was verified as valid). That however did not take into account that a transaction can be valid for a specific height, but invalid at higher heights; for example, it can contain an expiry height, a lock time, and it is always bound to a network upgrade, all of which are height-dependant.
An attacker (specifically a malicious miner) could exploit this by (e.g. in the expiry height case):
- Submitting a transaction with expiry height
H+1(whereHis the height of the current tip) - Mining a block
H+1, and a blockH+2that contains that same transaction, and submitting blockH+2beforeH+1 - Zebra nodes would accept
H+2as valid (pending contextual verification) and wait for blockH+1; when it arrives, Zebra would commit both blocks even ifH+2contains an expired transaction - Other nodes (like
zcashdorzebradnodes without that transaction in their mempool) reject the block, resulting in a chain fork where the poisoned Zebra node is isolated.
Impact
Consensus Failure
Attack Vector: Network (specifically via a malicious miner). Effect: Network partition/consensus split. Scope: Any Zebra node utilizing the transaction verification cache optimization for V5 transactions.
Fixed Versions
This issue is fixed in Zebra 4.3.1.
We removed the performance optimization altogether, since we deemed it too risky.
The fix ensures that verification is only skipped if the transaction's full integrity-including authorization data-is validated against the mempool entry.
Mitigation
Users should upgrade to Zebra 4.3.0 or later immediately.
There are no known workarounds for this issue. Immediate upgrade is the only way to ensure the node remains on the correct consensus path and is protected against malicious chain forks.
Credits
Thanks to @sangsoo-osec for a thorough advisory submission that noticed the lock time issue, and to @shieldedonly with an also thorough advisory (that was submitted while we were working on the first one) who noticed that the issue applied to other aspects of the transaction validation.
AnalysisAI
Consensus-breaking cache logic error in Zcash Zebra node software (all versions <4.3.1) allows malicious miners to partition the network by mining blocks containing height-invalid transactions. By submitting a transaction valid at height H+1 but invalid at H+2, then mining it into block H+2 and submitting that block before H+1, attackers trigger cached verification bypass-vulnerable Zebra nodes accept the invalid block while honest nodes reject it, creating a consensus split. This enables double-spend attacks against isolated nodes. EPSS data unavailable; not in CISA KEV. Classified as CWE-1025 (comparison logic error). Fixed in Zebra 4.3.1 by removing the risky cache optimization entirely.
Technical ContextAI
Zebra is a Rust-based full node implementation for the Zcash privacy-focused cryptocurrency network, competing with the legacy zcashd client. This vulnerability stems from a performance optimization in the transaction verification cache (zebra-consensus package) that skipped re-verification for transactions already validated for mempool inclusion. Zcash transactions contain height-dependent validity constraints-expiry heights (preventing replay attacks), lock times (time-locked funds), and network upgrade activation heights. CWE-1025 (Comparison Using Wrong Factors) manifests here because the cache logic compared transaction validity without considering the block height context. When a transaction moves from mempool validation (performed at current tip height H) to block validation (potentially at H+2), its validity status can change-an expired transaction or one tied to different upgrade rules becomes invalid. The out-of-order block submission (H+2 before H+1) exploits Zebra's pending block queue, which holds blocks awaiting parent blocks for contextual verification. The cache incorrectly signals 'already verified' during contextual validation of H+2, bypassing height-specific checks that would detect the transaction expired between H+1 and H+2.
RemediationAI
Upgrade immediately to Zebra 4.3.1 or later, available from https://github.com/ZcashFoundation/zebra/releases and crates.io. The fix removes the transaction verification cache optimization entirely rather than attempting to patch the height-context logic, eliminating the vulnerability class at the cost of some performance regression. No workarounds exist-the vendor explicitly states immediate upgrade is the only mitigation. Compensating controls are impractical: operators cannot disable the cache via configuration, and network-level filtering cannot prevent malicious miners from submitting crafted block sequences. Nodes remaining on vulnerable versions face consensus isolation risk if a sophisticated attacker with mining capability targets them. For mining pool operators and exchanges running Zebra, this is a critical patch requiring immediate deployment during next maintenance window. Side effects of upgrade are minimal (backward-compatible protocol changes, possible minor transaction validation performance decrease). Verify upgrade success by checking zebrad --version reports 4.3.1 or higher and monitoring node sync status remains aligned with blockchain explorers like zcha.in.
Same weakness CWE-1025 – Comparison Using Wrong Factors
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-xvj8-ph7x-65gf