Zcash Sprout Proof Verification Vulnerability in zcashd

Vulnerability

A vulnerability exists in Zcash zcashd versions prior to 6.12.0 that allows certain invalid transactions to be accepted. Because the software sometimes failed to properly verify Sprout proofs, the issue could have drained user funds from the Sprout pool. It arose from a flaw in the transaction verification logic, particularly when new blocks were added to the blockchain.

Impact

Exploitation of this vulnerability could have led to the acceptance of invalid transactions, allowing for the unauthorized draining of user funds from the Sprout pool.

Remediation

Users can upgrade to Zcash zcashd version 6.12.0, which includes the necessary fix for the Sprout transaction verification issue. Instructions for downloading this release are available on the Zcash GitHub repository.

Added: Apr 5, 2026, 10:48 PM
Updated: Apr 5, 2026, 10:48 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 5.3
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.