NVD HIGH: CVE-2026-44498 — ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's ...

Friday, May 8, 2026 at 03:17 PM UTC·Source: NIST NVD

Updated: Thursday, May 14, 2026 at 10:00 AM UTC

Executive Summary

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcashd nodes do not. This issue

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-44498

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 8, 2026. Verified by: NIST.

Related Threats

LOWVulnerability

Meet Fragnesia, the third Linux kernel vulnerability in a month

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs , head of incident response firm DigitalDefence, told CSO . “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by root’, or ‘file is rea

CVE-2026-46300

1h agoCSO Online

HIGHVulnerability

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.

1h agoDark Reading

MEDIUMVulnerability

White House cyber official: identity security matters more than ever in the age of AI

While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday. The post White House cyber official: identity security matters more than ever in the age of AI appeared first on CyberScoop .

1h agoCyberScoop