Skip to main content

Zebra

1 CVEs product

Monthly

CVE-2026-44499 Cargo HIGH POC PATCH GHSA This Week

Remote denial-of-service in Zebra (Zcash node implementation) versions prior to 4.4.0 allows unauthenticated attackers to permanently halt block synchronization via a single TCP connection. The attack exploits three independent weaknesses in gossip, syncer, and download subsystems to create an irreversible block discovery deficit. Vendor patch available in version 4.4.0. EPSS data unavailable; no CISA KEV listing or public exploit code identified at time of analysis, but the technical barrier appears low given network attack vector with no authentication or complexity requirements (CVSS 4.0: AV:N/AC:L/PR:N).

Denial Of Service Zebra
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Remote denial-of-service in Zebra (Zcash node implementation) versions prior to 4.4.0 allows unauthenticated attackers to permanently halt block synchronization via a single TCP connection. The attack exploits three independent weaknesses in gossip, syncer, and download subsystems to create an irreversible block discovery deficit. Vendor patch available in version 4.4.0. EPSS data unavailable; no CISA KEV listing or public exploit code identified at time of analysis, but the technical barrier appears low given network attack vector with no authentication or complexity requirements (CVSS 4.0: AV:N/AC:L/PR:N).

Denial Of Service Zebra
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy