CVE-2026-44498
ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcashd nodes do not. This issue has been patched in version 4.4.0.
| CWE | CWE-682 |
| Vendor | zcashfoundation |
| Product | zebra |
| Published | May 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for zcashfoundation zebra
Be the first to know when new unknown vulnerabilities affecting zcashfoundation zebra are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
ZcashFoundation / zebra
< 4.4.0