Vulnerability in Zcashfoundation Zebra-consensus

CVE-2026-40880

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefull…

EPSS: 0.001 (17.1th percentile) — read the EPSS interpretation.

Affected products

Zcashfoundation Zebra-consensus — versions < 5.0.2
Zcashfoundation Zebrad — versions < 4.3.1

Weakness classification (CWE)

CWE-1025

References

https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-xvj8-ph7x-65gf (x_refsource_CONFIRM)