CVE-2026-41584 Overview
CVE-2026-41584 is a denial-of-service vulnerability in Zebra, a Zcash node implementation written in Rust by the Zcash Foundation. The flaw affects zebrad versions prior to 4.3.1 and zebra-chain versions prior to 6.0.2. Orchard transactions include an rk field representing a randomized validating key and elliptic curve point. The Zcash specification permits this field to hold the identity (zero) value, but the underlying orchard crate panics when verifying proofs containing such a value. A remote attacker can broadcast a crafted transaction to crash any vulnerable Zebra node on the network [CWE-617].
Critical Impact
A single crafted Orchard transaction can crash Zebra nodes remotely, threatening Zcash network availability and consensus participation.
Affected Products
- zfnd zebrad versions prior to 4.3.1
- zfnd zebra-chain versions prior to 6.0.2
- Zcash node operators running vulnerable Zebra builds
Discovery Timeline
- 2026-05-08 - CVE-2026-41584 published to NVD
- 2026-05-08 - Last updated in NVD database
Technical Details for CVE-2026-41584
Vulnerability Analysis
The vulnerability stems from a reachable panic condition (CWE-617) in the proof verification path for Orchard shielded transactions. Orchard is the latest shielded transaction protocol used by Zcash and relies on Halo 2 zero-knowledge proofs. Each Orchard action includes a randomized validating key rk, encoded as an elliptic curve point on the Pallas curve.
The Zcash protocol specification explicitly allows rk to be the identity element of the curve group. However, the orchard crate used by Zebra to verify these proofs does not treat the identity element as valid input. When the verifier receives such a value, it triggers a Rust panic rather than returning a verification error.
Because transaction validation runs inside the node process, an unhandled panic propagates upward and terminates zebrad. The attack requires no authentication and consumes minimal attacker resources.
Root Cause
The root cause is a mismatch between the Zcash consensus specification and the implementation behavior of the orchard verification crate. The specification permits the identity point as a valid rk value, while the crate assumes the value will always be a non-identity point. Missing input validation on this edge case causes the verifier to invoke an operation that panics instead of returning Err.
Attack Vector
An attacker constructs an Orchard transaction in which one or more actions contain an rk field set to the curve identity. The attacker broadcasts the transaction through any Zcash peer. When a Zebra node receives the transaction and attempts proof verification during mempool admission or block validation, the orchard crate panics and the node terminates. Repeated broadcasts can crash newly restarted nodes and degrade overall network availability.
No authentication is required, and the attack is fully network-reachable. See the Zebra GitHub Security Advisory GHSA-452v-w3gx-72wg for upstream technical details.
Detection Methods for CVE-2026-41584
Indicators of Compromise
- Unexpected termination of the zebrad process with a Rust panic message referencing the orchard crate or identity point arithmetic.
- Repeated zebrad crashes shortly after receiving peer-to-peer transaction or block messages.
- Mempool entries or block contents containing Orchard actions with anomalous rk field values.
Detection Strategies
- Monitor zebrad exit codes and standard error output for panic stack traces involving orchard verification routines.
- Correlate node crashes with inbound peer message timestamps to identify externally triggered failures.
- Inspect process supervisor logs (systemd, docker, or equivalent) for repeated restart loops of the Zebra service.
Monitoring Recommendations
- Forward zebrad logs and host telemetry to a centralized logging or SIEM platform for panic pattern matching.
- Alert on zebrad process restarts exceeding a baseline threshold within a short time window.
- Track peer connection events alongside crash events to identify malicious peers sending crafted transactions.
How to Mitigate CVE-2026-41584
Immediate Actions Required
- Upgrade zebrad to version 4.3.1 or later and zebra-chain to version 6.0.2 or later without delay.
- Restart all Zebra node instances after upgrading to ensure the patched verification logic is loaded.
- Audit peer lists and consider limiting inbound connections to trusted peers until patches are applied.
Patch Information
The Zcash Foundation released fixes in zebrad 4.3.1 and zebra-chain 6.0.2. The patches update the Orchard verification path so that an rk value equal to the curve identity returns a verification failure instead of panicking. Refer to the Zebra GitHub Security Advisory GHSA-452v-w3gx-72wg for release notes and upgrade instructions.
Workarounds
- No reliable workaround exists short of upgrading; the panic occurs during normal transaction validation.
- Operators unable to patch immediately should run zebrad under a process supervisor that performs automatic restarts to reduce downtime, while accepting that consensus participation will be disrupted.
- Restrict inbound peer connections and prefer well-known, reputable peers to lower exposure to crafted transactions.
# Upgrade Zebra to a patched release
cargo install --locked --git https://github.com/ZcashFoundation/zebra --tag v4.3.1 zebrad
zebrad --version # verify 4.3.1 or later before resuming operations
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
