CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-41583 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 an...

·Source: NIST NVD

Updated:

Executive Summary

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus accept and eventually mine a block that would be considered invalid by

Analysis

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus accept and eventually mine a block that would be considered invalid by zcashd nodes, creating a consensus split between Zebra and zcashd nodes. In a similar vein, for V4 transactions, Zebra mistakenly used the "canonical" hash type when computing the sighash while zcashd (correctly per the spec) uses the raw value, which could also crate a consensus split. This issue has been patched in zebrad version 4.3.1 and zebra-script version 5.0.2. CVSS Score: 9.1. Published: 2026-05-08T15:16:41.070.

Indicators of Compromise (1)

CVE (1)
CVE-2026-41583
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 8, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Alipay lets shoppers delegate purchases to AI

Chinese payments giant Alipay has begun letting users authorise AI to handle payments on their behalf.

Finextra
LOWVulnerability

Cloudflare Cuts 1,100, Arctic Wolf Axes 250 Amid AI Surge

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/cloudflare-cuts-1100-arctic-wolf-axes-250-amid-ai-surge-image_small-1-a-31657.jpg" align=right hspace=4><b>Cloud Connectivity, Security Operations Providers Reportedly Chop 20%, 7% of Staff</b><br>Cloudflare cut more than 1,100 workers from its 5,483-person staff, saying the layoffs will align Cloudflare's operations with AI-drive

Bank Info Security
CRITICALVulnerability

Why Hospitals Must Rethink Cyber Resilience

In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical strategies, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.

Bank Info Security