{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/cpes/cpe2.3azfndzebra-chainrust/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:zfnd:zebra-chain:*:*:*:*:*:rust:*:*","cpe:2.3:a:zfnd:zebrad:*:*:*:*:*:rust:*:*"],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-41584"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["zebra-chain","zebrad"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","zcash","cryptography"],"_cs_type":"advisory","_cs_vendors":["ZFND"],"content_html":"\u003cp\u003eZEBRA is a Zcash node written entirely in Rust. Prior to the patched versions, a vulnerability existed within the handling of Orchard transactions. Specifically, the \u003ccode\u003erk\u003c/code\u003e field, a randomized validating key and elliptic curve point within Orchard transactions, was not properly validated. The Zcash specification allows this field to be the identity (a \u0026ldquo;zero\u0026rdquo; value). However, the \u003ccode\u003eorchard\u003c/code\u003e crate, responsible for verifying Orchard proofs, would panic when processing an \u003ccode\u003erk\u003c/code\u003e field with this identity value. An attacker could exploit this by sending a specially crafted transaction to a Zebra node, triggering the panic and causing the node to crash, leading to a denial-of-service condition. This issue is tracked as CVE-2026-41584 and has been addressed in \u003ccode\u003ezebrad\u003c/code\u003e version 4.3.1 and \u003ccode\u003ezebra-chain\u003c/code\u003e version 6.0.2.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious Zcash transaction.\u003c/li\u003e\n\u003cli\u003eThe crafted transaction includes an Orchard transaction with a \u003ccode\u003erk\u003c/code\u003e field set to the identity (zero) value.\u003c/li\u003e\n\u003cli\u003eAttacker sends the crafted transaction to a vulnerable Zebra node.\u003c/li\u003e\n\u003cli\u003eThe Zebra node receives the transaction and attempts to verify the Orchard proof.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eorchard\u003c/code\u003e crate within the Zebra node processes the \u003ccode\u003erk\u003c/code\u003e field.\u003c/li\u003e\n\u003cli\u003eDue to the zero value of the \u003ccode\u003erk\u003c/code\u003e field, the \u003ccode\u003eorchard\u003c/code\u003e crate panics.\u003c/li\u003e\n\u003cli\u003eThe panic causes the Zebra node to crash.\u003c/li\u003e\n\u003cli\u003eThe Zebra node becomes unavailable, resulting in a denial-of-service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability results in a denial-of-service condition for the affected Zebra node. An attacker can repeatedly send crafted transactions to disrupt the node\u0026rsquo;s operation. While the vulnerability does not lead to data breach or arbitrary code execution, it can impact the availability of services relying on the Zebra node. The number of affected nodes depends on the adoption rate of vulnerable \u003ccode\u003ezebrad\u003c/code\u003e versions prior to 4.3.1.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all Zebra nodes running versions prior to 4.3.1 to version 4.3.1 or later to patch CVE-2026-41584.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-41584 Exploitation Attempt — Orchard Transaction with Zero Rk\u0026rdquo; to detect attempts to exploit this vulnerability by monitoring transaction patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-08T15:16:41Z","date_published":"2026-05-08T15:16:41Z","id":"/briefs/2026-05-zebra-dos/","summary":"A crafted Orchard transaction with a zero-value rk field can cause a Zebra node to crash due to a panic in the orchard crate, leading to a denial-of-service condition; this vulnerability is identified as CVE-2026-41584 and patched in zebrad version 4.3.1 and zebra-chain version 6.0.2.","title":"Zebra Node Denial-of-Service Vulnerability via Crafted Orchard Transactions (CVE-2026-41584)","url":"https://feed.craftedsignal.io/briefs/2026-05-zebra-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cpe:2.3:a:zfnd:zebra-Chain:*:*:*:*:*:rust:*:*","version":"https://jsonfeed.org/version/1.1"}