CVE-2026-35679: Zcashd Invalid Transactions - Version 0-6.12.0
Platform
linux
Component
zcashd
Fixed in
6.12.0
CVE-2026-35679 describes a vulnerability in Zcashd where invalid transactions could be accepted under specific circumstances. This flaw could potentially lead to the draining of user funds from the Sprout pool, as the system was not consistently verifying Sprout proofs. The vulnerability affects Zcashd versions from 0.0.0 up to and including 6.12.0. A patch has been released in version 6.12.0.
How to fix
Actualice a la versión 6.12.0 o posterior para corregir la falla de verificación de las pruebas Sprout. Esta actualización asegura que las transacciones inválidas no puedan ser aceptadas, protegiendo así los fondos de los usuarios en el Sprout pool.
Frequently asked questions
What is CVE-2026-35679?
CVE-2026-35679 is a security vulnerability in Zcashd that allows invalid transactions to be processed, potentially leading to the loss of user funds from the Sprout pool due to inadequate Sprout proof verification.
Am I affected by CVE-2026-35679?
You are potentially affected if you are using Zcashd versions 0.0.0 through 6.12.0. It is crucial to check your Zcashd version and update if necessary.
How do I fix CVE-2026-35679?
The vulnerability is fixed in Zcashd version 6.12.0. Update your Zcashd installation to this version to mitigate the risk of fund draining.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free