CVE-2026-41583— ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41583
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling
Source: NVD (National Vulnerability Database)
Vulnerability Description
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus accept and eventually mine a block that would be considered invalid by zcashd nodes, creating a consensus split between Zebra and zcashd nodes. In a similar vein, for V4 transactions, Zebra mistakenly used the "canonical" hash type when computing the sighash while zcashd (correctly per the spec) uses the raw value, which could also crate a consensus split. This issue has been patched in zebrad version 4.3.1 and zebra-script version 5.0.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
调用者对规范的不恰当使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
zebra 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
zebra是Zcash Foundation开源的一个用Rust编写的Zcash全节点实现。 zebra 4.3.1之前版本存在安全漏洞,该漏洞源于未验证V5交易的sighash哈希类型以及V4交易使用规范哈希类型,可能导致共识分裂。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ZcashFoundation | zebra | zebrad < 4.3.1 | - |
II. Public POCs for CVE-2026-41583
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41583
请登录查看更多情报信息。
Same Patch Batch · ZcashFoundation · 2026-05-08 · 7 CVEs total
| CVE-2026-44500 | 5.3 MEDIUM | ZEBRA: Allocation Amplification in Inbound Network Deserializers |
| CVE-2026-41585 | ZEBRA: Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients | |
| CVE-2026-41584 | ZEBRA: rk Identity Point Panic in Transaction Verification | |
| CVE-2026-44497 | ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer | |
| CVE-2026-44498 | ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops | |
| CVE-2026-44499 | ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning |
IV. Related Vulnerabilities
Same product: zebra
- CVE-2026-44499
ZEBRA: Permanent Block Discovery Halt via Gossip Queue Satur - CVE-2026-44500
ZEBRA: Allocation Amplification in Inbound Network Deseriali - CVE-2026-44498
ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops - CVE-2026-44497
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type - CVE-2026-41585
ZEBRA: Denial of Service via Interrupted JSON-RPC Requests f
Same vendor: ZcashFoundation
- CVE-2026-44499
ZEBRA: Permanent Block Discovery Halt via Gossip Queue Satur - CVE-2026-44500
ZEBRA: Allocation Amplification in Inbound Network Deseriali - CVE-2026-44498
ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops - CVE-2026-44497
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type - CVE-2026-41585
ZEBRA: Denial of Service via Interrupted JSON-RPC Requests f
V. Comments for CVE-2026-41583
No comments yet