CVE-2026-40880
HIGHDescription
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but invalid for H+2 and then mining that transaction in a block at height H+2, a miner could cause vulnerable Zebra nodes to accept an invalid block, leading to a consensus split from the rest of the Zcash network. This vulnerability is fixed in zebrad version 4.3.1 and zebra-consensus version 5.0.2.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| zfnd | zebra-consensus |
| zfnd | zebrad |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-40880? +
How severe is CVE-2026-40880? +
What products are affected by CVE-2026-40880? +
How do I check if I'm vulnerable to CVE-2026-40880? +
Related Vulnerabilities
Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between …
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including …
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement …
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. …
Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could …
During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to …