Description

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic (crash). This is triggered by sending a specially crafted V5 transaction that passes initial deserialization but fails during transaction ID calculation. This issue has been patched in zebrad version 4.3.0 and zebra-chain version 6.0.1.

INFO

Published Date :

2026-03-31T14:02:56.454Z

Last Modified :

2026-03-31T17:17:30.860Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34202 vulnerability.

Vendors Products
Zcashfoundation
  • Zebra
  • Zebra-chain
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34202.

URL Resource
https://github.com/ZcashFoundation/zebra/releases/tag/v4.3.0 cve-icon cve-icon
https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-qp6f-w4r3-h8wg cve-icon cve-icon
https://zfnd.org/zebra-4-3-0-critical-security-fixes-zip-235-support-and-performance-improvements cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability