Low severity3.5NVD Advisory· Published Apr 5, 2026· Updated Apr 7, 2026

CVE-2026-35679

Description

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.

Affected products

Zcash/Zcashreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/zcash/zcash/commit/db969c63f48f0f9fc518112ed0b7ace1af78b9d0nvd
github.com/zcash/zcash/releases/tag/v6.12.0nvd

News mentions

No linked articles in our index yet.

cvss	0.227
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000