VYPR
Vendor

Zfnd

Products
6
CVEs
10
Across products
20
Status
Private

Products

6

Recent CVEs

10
  • CVE-2026-44497CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash…

  • CVE-2026-41583CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled…

  • CVE-2026-40880HigApr 21, 2026
    risk 0.46cvss 8.1epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid…

  • CVE-2026-34377HigMar 31, 2026
    risk 0.46cvss 8.1epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while…

  • CVE-2026-44498HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who…

  • CVE-2026-41584HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the…

  • CVE-2026-40881HigApr 21, 2026
    risk 0.42cvss 7.5epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length (over 233,000) that was…

  • CVE-2026-34202HigMar 31, 2026
    risk 0.42cvss 7.5epss 0.01

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic (crash). This is triggered by sending a…

  • CVE-2026-41585MedMay 8, 2026
    risk 0.35cvss 6.5epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by…

  • CVE-2026-44500MedMay 8, 2026
    risk 0.27cvss 5.3epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings…