216.73.216.133

CVE-2026-34377

· Published 31/03/2026 15:16 · Modified 01/04/2026 14:24

Labels: CVE-2026-34377 2026-03-31CVE-2026-34377CWE-347[email protected]

Essential information

Published
31/03/2026 15:16
Modified
01/04/2026 14:24
Author
Creator
CVSS
8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause vulnerable Zebra nodes to accept an invalid block, leading to a consensus split from the rest of the Zcash network. This would not allow invalid transactions to be accepted but could result in a consensus split between vulnerable Zebra nodes and invulnerable Zebra and Zcashd nodes. This issue has been patched in zebrad version 4.3.0 and zebra-consensus version 5.0.1.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zcash / zebra cpe:2.3:a:zcash:zebra:<=4.3.0:*:*:*:*:*:*:*
zcash / zebra-consensus cpe:2.3:a:zcash:zebra-consensus:<=5.0.1:*:*:*:*:*:*:*

References