{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/network-partition/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["zebrad","zebra-script"],"_cs_severities":["critical"],"_cs_tags":["consensus-failure","vulnerability","network-partition"],"_cs_type":"advisory","_cs_vendors":["ZcashFoundation"],"content_html":"\u003cp\u003eZebra, a Zcash node implementation, versions prior to 4.4.0 are vulnerable to a critical consensus divergence issue. This flaw, identified as CVE-2026-44497, stems from inadequate error handling when processing invalid sighash types during signature hash computation. Specifically, when an undefined hash type is encountered, Zebra\u0026rsquo;s foreign function interface (FFI) does not properly propagate the error from the Rust-based sighash computation callback to the C++ verification code. Consequently, the C++ checker may use a stale digest from a previous valid signature validation, leading to the acceptance of invalid transactions. This discrepancy can create a consensus split between Zebra and zcashd nodes, potentially disrupting the Zcash network. The vulnerability was introduced as a side effect of a previous fix (GHSA-8m29-fpq5-89jj).\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious transaction.\u003c/li\u003e\n\u003cli\u003eTransaction contains a transparent output.\u003c/li\u003e\n\u003cli\u003eThe output is spent by a script that includes \u003ccode\u003eOP_CHECKSIGVERIFY\u003c/code\u003e and \u003ccode\u003eOP_CHECKSIG\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eOP_CHECKSIGVERIFY\u003c/code\u003e is executed with a valid hash type, priming the C++ sighash buffer with a valid digest.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eOP_CHECKSIG\u003c/code\u003e is executed with an undefined hash type.\u003c/li\u003e\n\u003cli\u003eZebra\u0026rsquo;s Rust callback returns \u003ccode\u003eNone\u003c/code\u003e due to the undefined hash type, but the C++ checker does not receive this signal.\u003c/li\u003e\n\u003cli\u003eThe C++ checker verifies the invalid signature against the stale digest in the buffer.\u003c/li\u003e\n\u003cli\u003eZebra incorrectly accepts the spend, while zcashd rejects it, leading to a consensus split.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe vulnerability can lead to a consensus failure within the Zcash network. An attacker can exploit this to cause network partitioning, where different nodes have conflicting views of the blockchain\u0026rsquo;s state. This can lead to service disruption for users relying on affected Zebra nodes. Furthermore, the vulnerability could potentially be exploited for double-spend attacks if a malicious miner relies on Zebra\u0026rsquo;s faulty validation results. While the impact is mitigated by the prevalence of \u003ccode\u003ezcashd\u003c/code\u003e among miners, any miner or template pipeline relying on Zebra\u0026rsquo;s validation is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all Zebra nodes to version 4.4.0 or later immediately to address CVE-2026-44497.\u003c/li\u003e\n\u003cli\u003eMonitor Zebra node logs for unexpected consensus errors or forks following the upgrade.\u003c/li\u003e\n\u003cli\u003eEvaluate the feasibility of implementing custom monitoring to detect divergence between Zebra and zcashd validation results within your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T20:56:21Z","date_published":"2026-05-07T20:56:21Z","id":"/briefs/2024-01-09-zebra-consensus-divergence/","summary":"Zebra versions prior to 4.4.0 exhibit a consensus divergence vulnerability (CVE-2026-44497) due to insufficient error handling of invalid sighash types during sighash computation, potentially leading to network partitioning and double-spend attacks.","title":"Zebra Consensus Divergence in Transparent Sighash Hash-Type Handling (CVE-2026-44497)","url":"https://feed.craftedsignal.io/briefs/2024-01-09-zebra-consensus-divergence/"}],"language":"en","title":"CraftedSignal Threat Feed — Network-Partition","version":"https://jsonfeed.org/version/1.1"}