Denial of Service Vulnerability in Zcash Node Software by Zcash Foundation
CVE-2026-41584
9.2CRITICAL
What is CVE-2026-41584?
Prior to specific versions, the ZEBRA node software is susceptible to Denial of Service due to a flaw in the handling of Orchard transactions. The rk field within these transactions can be manipulated to send an identity value, causing the software to crash. This creates a potential exploit for attackers, allowing crafted transactions to destabilize the node. The issue has been addressed in subsequent software updates.
Affected Version(s)
zebra zebra-chain < 6.0.2 < zebra-chain 6.0.2
zebra zebrad < 4.3.1 < zebrad 4.3.1
