Platform: rust
Component: zebrad
Fixed in: 4.3.1, 6.0.2, 4.3.0
CVE-2026-34202 describes a critical Remote Denial of Service (DoS) vulnerability affecting Zebra nodes utilizing Network Upgrade 5 (V5) transactions. An unauthenticated attacker can trigger a node panic by sending a specially crafted V5 transaction, leading to service disruption. This vulnerability impacts Zebra versions less than or equal to 4.3.0. A patch is available in version 4.3.0.
This vulnerability allows a remote, unauthenticated attacker to induce a denial of service by crashing a Zebra node. The attack involves sending a malicious V5 transaction that bypasses initial deserialization but causes a failure during transaction ID calculation, leading to a panic. The impact is significant as it can disrupt critical network operations and potentially lead to data loss or service unavailability. The lack of authentication makes exploitation trivial, and a single malicious transaction is sufficient to trigger the DoS. This vulnerability shares similarities with other transaction processing vulnerabilities where malformed input can lead to unexpected crashes.
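The failure mode described above, input that deserializes cleanly but breaks an assumption made later during ID calculation, is shown here as an added example. It is not Zebra's code: the toy wire format, the field constraint and all names (`ToyTx`, `parse_lenient`, `txid_checked`, `handle_peer_tx`) are invented for illustration, since the page does not say which field triggers the real bug.

```rust
use std::panic;

/// Toy transaction, constructed for this example (not Zebra's type or wire format).
#[derive(Debug)]
pub struct ToyTx { pub version: u8, pub raw_field: [u8; 2] }

#[derive(Debug, PartialEq)]
pub enum TxError { BadLength, BadVersion, InvalidField }

/// Hypothetical constraint that is only applied when the field is interpreted.
fn interpret(raw: [u8; 2]) -> Option<u16> {
    let v = u16::from_le_bytes(raw);
    if v < 1000 { Some(v) } else { None }
}

/// Lenient parser: checks length and version, stores the field uninterpreted.
pub fn parse_lenient(bytes: &[u8]) -> Result<ToyTx, TxError> {
    if bytes.len() != 3 { return Err(TxError::BadLength); }
    if bytes[0] != 5 { return Err(TxError::BadVersion); }
    Ok(ToyTx { version: bytes[0], raw_field: [bytes[1], bytes[2]] })
}

/// Stand-in for the real digest; only the control flow matters here.
fn mix(version: u8, v: u16) -> u32 { (u32::from(version) << 16) | u32::from(v) }

/// "Before": ID calculation assumes the parser already validated the field.
pub fn txid_panicking(tx: &ToyTx) -> u32 {
    mix(tx.version, interpret(tx.raw_field).expect("field validated at parse time"))
}

/// "After": the same calculation is fallible, so the caller can reject the input.
pub fn txid_checked(tx: &ToyTx) -> Result<u32, TxError> {
    let v = interpret(tx.raw_field).ok_or(TxError::InvalidField)?;
    Ok(mix(tx.version, v))
}

/// Peer-message boundary: a bad transaction becomes a rejection, not a crash.
pub fn handle_peer_tx(bytes: &[u8]) -> Result<u32, TxError> {
    txid_checked(&parse_lenient(bytes)?)
}

fn main() {
    let good = [5u8, 0x10, 0x00]; // constructed: field = 16, within the toy constraint
    let bad = [5u8, 0xFF, 0xFF];  // constructed: field = 65535, parses but violates it
    println!("{:?} {:?}", handle_peer_tx(&good), handle_peer_tx(&bad));
    let tx = parse_lenient(&bad).unwrap();
    let crashed = panic::catch_unwind(|| txid_panicking(&tx)).is_err();
    println!("unchecked path panicked: {crashed}");
}
```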
CVE-2026-34202 was published on 2026-03-27. No public proof-of-concept (PoC) code is currently available, but the vulnerability's ease of exploitation (unauthenticated, single transaction) suggests a potential for rapid exploitation if a PoC is released. The CVSS score of 9.5 indicates a critical severity, and it is likely to be added to the CISA KEV catalog. Active exploitation is not currently confirmed.
EPSS: 0.25% (48th percentile)
The primary mitigation is to upgrade Zebra nodes to version 4.3.0 or later, which includes the fix for this vulnerability. If immediate upgrading is not possible, consider restricting access to V5 transactions to trusted sources only. Implement network segmentation to limit the potential blast radius of a successful attack. Monitor network traffic for suspicious V5 transaction patterns. While no specific detection signatures are available, unusual transaction volumes or error rates related to V5 processing should be investigated. After upgrading, confirm the fix by sending a test V5 transaction and verifying that the node does not crash.
Upgrade to version 4.3.0 of zebrad or version 6.0.1 of zebra-chain, or later. This corrects the vulnerability that allows a remote attacker to cause a Zebra node crash.
CVE-2026-34202 is a critical DoS vulnerability in Zebra nodes that allows a remote attacker to crash the node by sending a crafted V5 transaction. It affects versions less than or equal to 4.3.0.
You are affected if you are using a Zebra node with a version less than or equal to 4.3.0 and have V5 transactions enabled.
Upgrade your Zebra node to version 4.3.0 or later to resolve this vulnerability. Restricting access to V5 transactions is a temporary mitigation.
Active exploitation is not currently confirmed, but the vulnerability's severity and ease of exploitation suggest a potential for future attacks.
Refer to the official Zebra security advisory for detailed information and updates regarding CVE-2026-34202.