CVE-2026-35679 Overview
CVE-2026-35679 is an Improperly Implemented Security Check vulnerability affecting Zcash zcashd versions prior to 6.12.0. The vulnerability allows invalid transactions to be accepted under certain conditions due to insufficient verification of Sprout proofs during block validation. This flaw could potentially have resulted in the draining of user funds from the Sprout pool.
Critical Impact
The vulnerability could allow attackers to bypass cryptographic proof verification in the Sprout shielded pool, potentially enabling the acceptance of fraudulent transactions and theft of user funds.
Affected Products
- Zcash zcashd versions prior to 6.12.0
Discovery Timeline
- 2026-04-05 - CVE CVE-2026-35679 published to NVD
- 2026-04-07 - Last updated in NVD database
Technical Details for CVE-2026-35679
Vulnerability Analysis
This vulnerability represents an Improperly Implemented Security Check (CWE-358) in the Zcash blockchain node software. The core issue stems from a logic flaw in the block validation process where Sprout zero-knowledge proofs were not being consistently verified under all code paths.
In cryptocurrency systems utilizing zero-knowledge proofs like Zcash's Sprout protocol, proper verification of these proofs is essential for maintaining consensus integrity and preventing double-spending or unauthorized fund transfers. The vulnerability existed because the fChecked flag on blocks could be set without ensuring that the proof verifier was operating in strict mode.
Root Cause
The root cause lies in the CheckBlock() function within src/main.cpp, where the block's fChecked flag was being set based solely on fCheckPOW && fCheckMerkleRoot conditions without verifying that the ProofVerifier was in strict mode. This meant that under certain conditions, blocks could pass validation without proper Sprout proof verification.
Attack Vector
The attack vector operates over the network, requiring an attacker to craft and submit specially formed blocks or transactions containing invalid Sprout proofs. If accepted by nodes running vulnerable versions, these invalid transactions could manipulate the Sprout shielded pool balance, potentially allowing fund extraction without proper cryptographic authorization.
The exploitation requires:
- Knowledge of the Zcash protocol and Sprout proof structure
- Ability to create transactions that exploit the missing verification path
- Network access to submit crafted blocks to vulnerable nodes
// Security patch in src/main.cpp - consensus: Verify Sprout proofs for new block connections
return state.DoS(100, error("CheckBlock(): out-of-bounds SigOpCount"),
REJECT_INVALID, "bad-blk-sigops", true);
- if (fCheckPOW && fCheckMerkleRoot)
+ if (fCheckPOW && fCheckMerkleRoot && verifier.IsStrict())
block.fChecked = true;
return true;
Source: GitHub Zcash Commit Details
// Security patch in src/proof_verifier.cpp - consensus: Verify Sprout proofs for new block connections
return ProofVerifier(false);
}
+bool ProofVerifier::IsStrict() {
+ return perform_verification;
+}
+
bool ProofVerifier::VerifySprout(
const JSDescription& jsdesc,
const ed25519::VerificationKey& joinSplitPubKey
Source: GitHub Zcash Commit Details
Detection Methods for CVE-2026-35679
Indicators of Compromise
- Unusual transactions originating from or targeting the Sprout shielded pool
- Blockchain inconsistencies or fork events related to invalid Sprout proofs
- Node logs showing accepted blocks that fail verification on upgraded nodes
Detection Strategies
- Monitor zcashd version across all deployed nodes to identify instances running versions prior to 6.12.0
- Implement blockchain monitoring to detect anomalous Sprout pool activity or balance discrepancies
- Review node logs for any rejected blocks or consensus warnings that may indicate exploitation attempts
Monitoring Recommendations
- Deploy SentinelOne agents on systems running Zcash nodes to monitor for suspicious process behavior
- Establish alerts for any blockchain reorganization events that could indicate invalid block acceptance
- Monitor network traffic patterns for unusual peer-to-peer communication that may indicate targeted attacks
How to Mitigate CVE-2026-35679
Immediate Actions Required
- Upgrade all zcashd instances to version 6.12.0 or later immediately
- Verify node integrity by comparing local blockchain state against trusted sources
- Review transaction logs for any suspicious Sprout pool activity prior to patching
- Consider temporarily halting Sprout pool operations until upgrade is complete
Patch Information
Zcash has released version 6.12.0 which addresses this vulnerability by adding a strict mode check to the proof verification logic. The patch ensures that the fChecked flag is only set when the ProofVerifier is operating in strict mode, guaranteeing that all Sprout proofs are properly validated.
For detailed patch information, refer to:
Workarounds
- If immediate upgrade is not possible, consider taking vulnerable nodes offline until patching can occur
- Implement network-level controls to limit peer connections to known, trusted nodes
- Run updated nodes in parallel to validate incoming blocks before propagation
# Upgrade zcashd to patched version
# Stop the running zcashd service
zcash-cli stop
# Download and install version 6.12.0 or later
# Follow Zcash official upgrade documentation
# Restart with the patched version
zcashd -daemon
# Verify the version
zcash-cli getinfo | grep version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
