Resource exhaustion in Zcashfoundation Zebra
CVE-2026-44499
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery o…
EPSS: 0.001 (33.3th percentile) — read the EPSS interpretation.
Affected products
- Zcashfoundation Zebra — versions < 4.4.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)