Transaction Validation Issue in Zcash Wallet by Zcash Foundation
CVE-2026-35679

3.5LOW

Key Information:

Vendor: Zcash
Status: Zcashd
Vendor: CVE Published:; 5 April 2026

What is CVE-2026-35679?

Earlier versions of Zcash's zcashd, specifically those before 6.12.0, experienced a transaction validation issue. This vulnerability allowed invalid transactions to be processed under certain circumstances, raising the alarming risk of user funds being drained from the Sprout pool. The problem stemmed from inadequate verification of Sprout proofs, compromising the integrity of transaction validation within the platform.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

zcashd 0 < 6.12.0

References

https://github.com/zcash/zcash/releases/tag/v6.12.0

https://github.com/zcash/zcash/commit/db969c63f48f0f9fc51...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 5, 2026
Vulnerability Reserved
Apr 5, 2026

JSON

Zcash

What is CVE-2026-35679?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.