Zcash Zebra Node Block Validation Vulnerability Allows Network Splitting
Vulnerability
A vulnerability in the Zcash Zebra node's block validation process, present in versions prior to 4.4.0, causes transparent signature operations to be counted incorrectly. Because of this miscount, Zebra accepts blocks that zcashd rejects for exceeding the signature operation limit. As a result, a miner could create a block that causes the blockchain to diverge, with Zebra nodes following the chain that contains the block while zcashd nodes do not.
Impact
Exploitation of this vulnerability can lead to consensus errors, causing Zebra nodes to accept and follow a blockchain that is rejected by zcashd, potentially splitting the network.
Remediation
Users should upgrade to Zcash Zebra version 4.4.0 or later, where this vulnerability has been fixed.
