Zcash

A crafted Orchard transaction with a zero-value rk field can cause a Zebra node to crash due to a panic in the orchard crate, leading to a denial-of-service condition; this vulnerability is identified as CVE-2026-41584 and patched in zebrad version 4.3.1 and zebra-chain version 6.0.2.

Zebra's block validator undercounts signature operations, allowing it to accept invalid blocks, leading to a network split between Zebra and zcashd nodes.