CVE-2026-34202

UNKNOWN 0.0

Zebra node crash — V5 transaction hash panic (P2P reachable)

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic (crash). This is triggered by sending a specially crafted V5 transaction that passes initial deserialization but fails during transaction ID calculation. This issue has been patched in zebrad version 4.3.0 and zebra-chain version 6.0.1.

CWE	CWE-1336 CWE-94
Vendor	zcashfoundation
Product	zebra
Published	Mar 31, 2026
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for zcashfoundation zebra

Be the first to know when new unknown vulnerabilities affecting zcashfoundation zebra are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ZcashFoundation / zebra

< 4.3.0

ZcashFoundation / zebra-chain

< 6.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-qp6f-w4r3-h8wg github.com: https://github.com/ZcashFoundation/zebra/releases/tag/v4.3.0 zfnd.org: https://zfnd.org/zebra-4-3-0-critical-security-fixes-zip-235-support-and-performance-improvements