NextGuard
UNKNOWNCVE-2026-34202

Zebra node crash — V5 transaction hash panic (P2P reachable)

Platform

rust

Component

zebra

Fixed in

4.3.0

View on NVD

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic (crash). This is triggered by sending a specially crafted V5 transaction that passes initial deserialization but fails during transaction ID calculation. This issue has been patched in zebrad version 4.3.0 and zebra-chain version 6.0.1.

How to fix

Actualice a la versión 4.3.0 de zebrad o a la versión 6.0.1 de zebra-chain, o posterior. Esto corrige la vulnerabilidad que permite que un atacante remoto cause una caída del nodo Zebra.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free