CVE-2026-41583

Published: May 08, 2026 Last Modified: May 08, 2026
CRITICAL 9.3
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
CRITICAL 9.1
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: high

Description

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions, which were enabled in the NU5 network upgrade. Zebra nodes could thus accept and eventually mine a block that would be considered invalid by zcashd nodes, creating a consensus split between Zebra and zcashd nodes. In a similar vein, for V4 transactions, Zebra mistakenly used the 'canonical' hash type when computing the sighash, while zcashd (correctly per the spec) uses the raw value, which could also create a consensus split. This issue has been patched in zebrad version 4.3.1 and zebra-script version 5.0.2.

CWE-573: Improper Following of Specification by Caller

Draft
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Quality Degradation; Varies by Context
Applicable Platforms
All platforms may be affected
Application

Zebrad by Zfnd

Version Range Affected
To 4.3.1 (exclusive)
cpe:2.3:a:zfnd:zebrad:*:*:*:*:*:rust:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Zebra-Script by Zfnd

Version Range Affected
To 5.0.2 (exclusive)
cpe:2.3:a:zfnd:zebra-script:*:*:*:*:*:rust:*:*
https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj