Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
Zebra not properly validating some Zcash transactions
GHSA-8m29-fpq5-89jj
Summary
Zebra, a Zcash software, has a bug that could allow a malicious party to disrupt the network and cause double-spends. This is because Zebra is not correctly checking certain types of transactions, which could lead to a split in the network between Zebra and Zcash nodes. Affected versions of Zebra are prior to 4.3.1. To fix this, update to version 4.3.1 or later.
What to do
- Update conradoplg zebrad to version 4.3.1.
- Update conradoplg zebra-script to version 5.0.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| crates.io | conradoplg | zebrad |
< 4.3.1 Fix: upgrade to 4.3.1
|
| crates.io | conradoplg | zebra-script |
< 5.0.1 Fix: upgrade to 5.0.1
|
Original title
Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling
Original description
# Consensus Divergence in Transparent Sighash Hash-Type Handling
## Summary
After a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus accept and eventually mine a block that would be considered invalid by zcashd nodes, creating a consensus split between Zebra and zcashd nodes.
In a similar vein, for V4 transactions, Zebra mistakenly used the "canonical" hash type when computing the sighash while zcashd (correctly per the spec) uses the raw value, which could also crate a consensus split.
## Severity
**Critical** - This is a Consensus Vulnerability that could allow a malicious party to induce network partitioning, service disruption, and potential double-spend attacks against affected nodes.
Note that the impact is currently alleviated by the fact that currently most miners run `zcashd`.
## Affected Versions
All Zebra versions prior to version 4.3.1. (Some older versions are not impacted but are no longer supported by the network.)
## Description
Verification of transparent transactions inherits the Bitcoin Script verification code in C++. Since it is consensus-critical, this code was called from Zebra through foreign function interface (FFI). That interface was clunky because it required parsing the whole transaction in C++ code, which would then pull Rust libraries which could get in conflict with Zebra code. A refactoring was done so that only the verification itself was done in C++, and the rest done by Rust code, using a callback. However, in this refactoring, it was not noticed that a particular consensus rule - only accepting known hash types in transparent transaction signatures - was being enforced in C++ code and thus had to be enforced by the Rust caller.
An attacker could exploit this by:
- Submitting a V4 or V5 transaction with an invalid hash type
- The V5 transaction would be accepted by Zebra nodes but not by `zcashd` nodes (and vice-versa for V4), creating a consensus split in the network.
## Impact
**Consensus Failure**
- **Attack Vector:** Network.
- **Effect:** Network partition/consensus split.
- **Scope:** Any Zebra affected Zebra node
## Fixed Versions
This issue is fixed in Zebra 4.3.1.
The fix adds the consensus check in the caller of the C++ verification code. It also uses the raw hash type for V4 sighash computations.
## Mitigation
Users should upgrade to Zebra 4.3.1 or later immediately.
There are no known workarounds for this issue. Immediate upgrade is the only way to ensure the node remains on the correct consensus path and is protected against malicious chain forks.
## Credits
Thanks Alex “Scalar” Sol for finding and reporting the issue, and to @sangsoo-osec who independently found the same issue and demonstrated that the V4 variant was also exploitable.
## Summary
After a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus accept and eventually mine a block that would be considered invalid by zcashd nodes, creating a consensus split between Zebra and zcashd nodes.
In a similar vein, for V4 transactions, Zebra mistakenly used the "canonical" hash type when computing the sighash while zcashd (correctly per the spec) uses the raw value, which could also crate a consensus split.
## Severity
**Critical** - This is a Consensus Vulnerability that could allow a malicious party to induce network partitioning, service disruption, and potential double-spend attacks against affected nodes.
Note that the impact is currently alleviated by the fact that currently most miners run `zcashd`.
## Affected Versions
All Zebra versions prior to version 4.3.1. (Some older versions are not impacted but are no longer supported by the network.)
## Description
Verification of transparent transactions inherits the Bitcoin Script verification code in C++. Since it is consensus-critical, this code was called from Zebra through foreign function interface (FFI). That interface was clunky because it required parsing the whole transaction in C++ code, which would then pull Rust libraries which could get in conflict with Zebra code. A refactoring was done so that only the verification itself was done in C++, and the rest done by Rust code, using a callback. However, in this refactoring, it was not noticed that a particular consensus rule - only accepting known hash types in transparent transaction signatures - was being enforced in C++ code and thus had to be enforced by the Rust caller.
An attacker could exploit this by:
- Submitting a V4 or V5 transaction with an invalid hash type
- The V5 transaction would be accepted by Zebra nodes but not by `zcashd` nodes (and vice-versa for V4), creating a consensus split in the network.
## Impact
**Consensus Failure**
- **Attack Vector:** Network.
- **Effect:** Network partition/consensus split.
- **Scope:** Any Zebra affected Zebra node
## Fixed Versions
This issue is fixed in Zebra 4.3.1.
The fix adds the consensus check in the caller of the C++ verification code. It also uses the raw hash type for V4 sighash computations.
## Mitigation
Users should upgrade to Zebra 4.3.1 or later immediately.
There are no known workarounds for this issue. Immediate upgrade is the only way to ensure the node remains on the correct consensus path and is protected against malicious chain forks.
## Credits
Thanks Alex “Scalar” Sol for finding and reporting the issue, and to @sangsoo-osec who independently found the same issue and demonstrated that the V4 variant was also exploitable.
osv CVSS4.0
9.1
Vulnerability type
CWE-573
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026