CVE-2026-34202
🟡 Monitor
A flaw in the transaction processing logic in ZEBRA allows a node to be crashed remotely.
CVSS
7.5
EPSS
0.3%
Exploit
none
Vendor
zfnd
Source description (NVD)
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic (crash). This is triggered by sending a specially crafted V5 transaction that passes initial deserialization but fails during transaction ID calculation. This issue has been patched in zebrad version 4.3.0 and zebra-chain version 6.0.1.
deserialization
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 7.5 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.3% |
| Published (NVD) | 2026-03-31 15:16:17 UTC |
| Last modified (NVD) | 2026-04-07 21:02:10 UTC |
References
- https://github.com/ZcashFoundation/zebra/releases/tag/v4.3.0 (security-advisories@github.com) [Release Notes]
- https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-qp6f-w4r3-h8wg (security-advisories@github.com) [Vendor Advisory]
- https://zfnd.org/zebra-4-3-0-critical-security-fixes-zip-235-support-and-performance-improvements (security-advisories@github.com) [Vendor Advisory]