Skip to main content

ZEBRA Zcash node CVE-2026-41584

| EUVDEUVD-2026-28654 CRITICAL
Reachable Assertion (CWE-617)
2026-05-08 security-advisories@github.com GHSA-452v-w3gx-72wg
9.2
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
May 08, 2026 - 16:18 EUVD
Source Code Evidence Fetched
May 08, 2026 - 16:16 vuln.today
Analysis Generated
May 08, 2026 - 16:16 vuln.today
CVE Published
May 08, 2026 - 15:16 nvd
CRITICAL 9.2

DescriptionGitHub Advisory

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity (a "zero" value), however, the orchard crate which is used to verify Orchard proofs would panic when fed a rk with the identity value. Thus an attacker could send a crafted transaction that would make a Zebra node crash. This issue has been patched in zebrad version 4.3.1 and zebra-chain version 6.0.2.

AnalysisAI

Remote attackers can crash ZEBRA Zcash nodes by submitting a crafted Orchard transaction containing an identity value in the rk (randomized validating key) field, triggering a panic in the orchard crate's verification logic. All ZEBRA versions prior to 4.3.1 are affected. This critical denial-of-service vulnerability requires no authentication and has low attack complexity (CVSS 4.0: 9.2, AV:N/AC:L/PR:N). The issue stems from improper handling of the elliptic curve point identity value during transaction verification, where the orchard crate's unwrap() call on coordinate extraction causes an unhandled panic. Fixed in zebrad 4.3.1 and zebra-chain 6.0.2 by rejecting identity rk values during transaction parsing.

Technical ContextAI

ZEBRA is a Rust implementation of a Zcash full node. Orchard is Zcash's latest shielded transaction protocol that uses elliptic curve cryptography for privacy-preserving transactions. The rk field (randomized validating key) is an elliptic curve point used in transaction validation. CWE-617 (Reachable Assertion) describes this vulnerability class where an attacker can trigger a code assertion or panic. The orchard crate's circuits.rs file attempts to extract coordinates from the rk elliptic curve point and calls unwrap() on the result. When rk is the identity element (the zero/neutral element of the elliptic curve group), this extraction returns None, causing unwrap() to panic and crash the node. While the Zcash specification permits the identity value for rk, the implementing library did not handle this edge case defensively. The affected packages are zebrad (the node daemon, versions < 4.3.1) and zebra-chain (the transaction parsing library, versions < 6.0.2), both written in Rust.

RemediationAI

Upgrade immediately to zebrad version 4.3.1 or later, which includes zebra-chain version 6.0.2. These versions implement validation at the transaction parsing stage to reject any Orchard transaction containing an identity value in the rk field, preventing the panic before reaching the orchard crate's verification logic. Download the patched release from the official ZcashFoundation/zebra GitHub repository. The GitHub security advisory (https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-452v-w3gx-72wg) confirms no workarounds exist; the vulnerability cannot be mitigated through configuration changes, firewall rules, or access controls because the attack vector is any transaction submission via standard Zcash network protocols. Network-level filtering of malformed transactions is impractical since the rk identity value is syntactically valid per the original specification. Operators must upgrade to eliminate the vulnerability. After upgrading, verify the node version using zebrad --version and monitor logs for successful restart and network synchronization.

Share

CVE-2026-41584 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy