CVE-2026-41585
Status: Analyzed - Analysis Complete
Zebra Node Crash via Premature RPC Disconnection

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
Zebra is a Zcash full node written entirely in Rust. In zebrad versions 2.2.0 up to but not including 4.3.1, and in the zebra-rpc crate from 1.0.0-beta.45 up to but not including 6.0.2, a flaw in Zebra's JSON-RPC HTTP middleware lets an authenticated RPC client crash the node by opening a request and disconnecting before the request body has been fully received. The middleware treats the resulting failure to read the HTTP request body as an unrecoverable error and aborts the process, instead of returning an error response to the client and continuing to serve others. The issue is patched in zebrad 4.3.1 and zebra-rpc 6.0.2.
Meta Information
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
External references: NVD, EUVD
Affected Vendors & Products
Vendor  Product    Version / Range
zfnd    zebra-rpc  From 2.0.0 (inc) to 6.0.2 (exc)
zfnd    zebra-rpc  1.0.0
zfnd    zebrad     From 2.2.0 (inc) to 4.3.1 (exc)

Note that the CPE range for zebra-rpc begins at 2.0.0, while the description above lists 1.0.0-beta.45 as the first affected version; treat the description's wider range as authoritative when deciding whether a pre-2.0.0 build is affected.
CWE
CWE ID   Description
CWE-617  The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CWE-248  An exception is thrown from a function, but it is not caught.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-41585 is a denial-of-service (DoS) vulnerability in Zebra's JSON-RPC HTTP middleware. An authenticated RPC client can crash a Zebra node by starting a request and closing the connection before the request body has been fully received.

The middleware treats the resulting body-read failure as an unrecoverable error and aborts the process instead of returning an error response. This is the pattern described by CWE-617 (reachable assertion) and CWE-248 (uncaught exception): an ordinary I/O error on the client side is handled as if it could never happen, so one client's misbehaviour takes down the whole node.

This issue affects zebrad versions 2.2.0 up to but not including 4.3.1 and zebra-rpc versions 1.0.0-beta.45 up to but not including 6.0.2, and is fixed in zebrad 4.3.1 and zebra-rpc 6.0.2.
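The following Rust program is an added illustration of the failure mode, not code from the Zebra project. It models an HTTP body reader over a plain std::io::Read source: the client advertises a body length, then closes the socket early, which the reader sees as an UnexpectedEof. The vulnerable handler unwraps that error (the CWE-617 / CWE-248 shape), so the serving task panics; the hardened handler maps it to an error response and keeps the process alive. The request bytes, the Response type, and the handler function names are constructed for the example and do not correspond to Zebra's real middleware.

```rust
use std::io::{self, Read};

/// Constructed sample data (not from Zebra): the body length the client
/// advertised, and the bytes it actually sent before disconnecting.
pub const ADVERTISED_LEN: usize = 64;
pub const TRUNCATED_BODY: &[u8] = br#"{"jsonrpc":"2.0","method":"getinfo","#;
pub const FULL_BODY: &[u8] = br#"{"jsonrpc":"2.0","method":"getinfo","params":[],"id":1}"#;

/// Minimal stand-in for the HTTP response the middleware returns.
#[derive(Debug, PartialEq)]
pub struct Response {
    pub status: u16,
    pub body: String,
}

/// Reads exactly `content_length` bytes, as an HTTP body reader must.
/// A client that closes the connection early surfaces here as `UnexpectedEof`.
fn read_exact_body<R: Read>(stream: &mut R, content_length: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; content_length];
    stream.read_exact(&mut buf)?;
    Ok(buf)
}

/// Vulnerable pattern: the I/O error is treated as impossible and unwrapped.
/// The panic kills the serving task, and under a panic=abort profile the
/// whole process.
pub fn handle_request_vulnerable<R: Read>(stream: &mut R, content_length: usize) -> Response {
    let body = read_exact_body(stream, content_length)
        .expect("request body should always be readable"); // panics on early disconnect
    Response { status: 200, body: String::from_utf8_lossy(&body).into_owned() }
}

/// Hardened pattern: a short read is an ordinary client-side failure and is
/// turned into an error response; other clients are unaffected.
pub fn handle_request_hardened<R: Read>(stream: &mut R, content_length: usize) -> Response {
    match read_exact_body(stream, content_length) {
        Ok(body) => Response { status: 200, body: String::from_utf8_lossy(&body).into_owned() },
        Err(e) if e.kind() == io::ErrorKind::UnexpectedEof => Response {
            status: 400,
            body: "client closed the connection before the request body was fully received".to_string(),
        },
        Err(e) => Response { status: 500, body: format!("failed to read request body: {e}") },
    }
}

/// Runs the vulnerable handler on the truncated request under `catch_unwind`
/// so the demo itself survives; returns true if the handler panicked.
pub fn vulnerable_handler_panics() -> bool {
    std::panic::catch_unwind(|| {
        let mut stream = io::Cursor::new(TRUNCATED_BODY);
        handle_request_vulnerable(&mut stream, ADVERTISED_LEN)
    })
    .is_err()
}

/// Status the hardened handler returns for a given body and advertised length.
pub fn hardened_status_for(body: &[u8], content_length: usize) -> u16 {
    let mut stream = io::Cursor::new(body);
    handle_request_hardened(&mut stream, content_length).status
}

fn main() {
    println!("vulnerable handler panicked on early disconnect: {}", vulnerable_handler_panics());
    println!("hardened handler status on early disconnect: {}", hardened_status_for(TRUNCATED_BODY, ADVERTISED_LEN));
    println!("hardened handler status on complete body: {}", hardened_status_for(FULL_BODY, FULL_BODY.len()));
}
```

The point of the hardened variant is not the specific status code but that the error stays inside the request handler's return path: a per-client I/O failure must never be able to reach an `expect`, `unwrap`, or `assert!` on a code path an authenticated client controls.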


How can this vulnerability impact me?

This vulnerability can crash a Zebra node, causing a denial-of-service (DoS) condition.

Any RPC client holding valid credentials can trigger it by disconnecting partway through sending a request, which makes the node abort. Because a single incomplete request is enough, a misbehaving or malicious client can take the node down repeatedly.

The impact is to availability: the node stops serving RPC and stops participating in the network until it is restarted, disrupting any service that depends on it.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects Zebra nodes running the listed versions of zebrad and zebra-rpc. To find vulnerable installs, compare the running zebrad version against 4.3.1, and for software that embeds the zebra-rpc crate, compare the crate version against 6.0.2.

Exploitation looks like an unexpected exit of the node process: monitor for crashes or process aborts (for example a supervisor's restart count or a non-zero exit status), and check the log lines written just before the exit for a failure to read an RPC request body. Since the trigger requires an authenticated RPC client, repeated short-lived authenticated RPC connections that close without sending a complete request are a further sign of attempts.

The resources for this entry give no specific command that detects the vulnerability directly.


What immediate steps should I take to mitigate this vulnerability?

Upgrade to zebrad 4.3.1 or later. Projects that embed the zebra-rpc crate directly need zebra-rpc 6.0.2 or later.

If upgrading immediately is not possible, keep the RPC port bound to localhost, do not expose it to untrusted networks, and keep cookie authentication enabled. Nodes running the default configuration (RPC bound to localhost with cookie authentication enabled) are not considered vulnerable, because only a local process able to read the authentication cookie can reach the endpoint. Running the node under a supervisor that restarts it reduces downtime but does not remove the issue.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

