216.73.216.36

CVE-2026-41583

· Published 08/05/2026 15:16 · Modified 08/05/2026 18:44

Labels: CVE-2026-41583 2026-05-08CVE-2026-41583CWE-573[email protected]

Essential information

Published
08/05/2026 15:16
Modified
08/05/2026 18:44
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus accept and eventually mine a block that would be considered invalid by zcashd nodes, creating a consensus split between Zebra and zcashd nodes. In a similar vein, for V4 transactions, Zebra mistakenly used the "canonical" hash type when computing the sighash while zcashd (correctly per the spec) uses the raw value, which could also crate a consensus split. This issue has been patched in zebrad version 4.3.1 and zebra-script version 5.0.2.

NVD status

Status
Analyzed — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zfnd / zebra-script cpe:2.3:a:zfnd:zebra-script:*:*:*:*:*:rust:*:*
zfnd / zebrad cpe:2.3:a:zfnd:zebrad:*:*:*:*:*:rust:*:*

References