CVE-2026-54496
Received Received - Intake

Memory Corruption in ZEBRA Zcash Node

Vulnerability report for CVE-2026-54496, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: GitHub, Inc.

Description

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2_gadgets/src/ecc/chip/mul/incomplete.rs used assign_advice() for the base point without a copy constraint tying it to the actual base, allowing a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point and bypass the diversified-address-integrity check that binds pk_d, g_d, ivk, the nullifier (nf), and the spend validating key (ak) to the note being spent. This issue is fixed in zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 10 associated CPEs
Vendor Product Version / Range
zcashfoundation zebrad 5.0.0
zcashfoundation halo2_gadgets 0.5.0
zcashfoundation orchard 0.14.0
zcashfoundation zcash_primitives 0.28.0
zcash zcashd 6.20.0
zebra zebrad 5.0.0
halo2_gadgets halo2_gadgets 0.5.0
orchard orchard 0.14.0
zcash_primitives zcash_primitives 0.28.0
zcashd zcashd 6.20.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-54496 is a critical soundness vulnerability in the Orchard zero-knowledge proof circuit of the Zcash protocol. It involves a missing copy constraint in the variable-base scalar multiplication gadget, allowing a malicious prover to manipulate the base point during proof generation. This bypassed the diversified-address-integrity check, enabling potential double-spending or theft of funds within the Orchard shielded pool. The flaw existed since Orchard's introduction in 2022 but was discovered in May 2026.

Detection Guidance

Detection requires checking Zcash node software versions. For Zebra, run 'zebrad --version' and verify it is 5.0.0 or higher. For zcashd, run 'zcashd --version' and check for 6.20.0 or later. Affected versions will show older numbers.

Impact Analysis

If exploited, this vulnerability could allow double-spending of Orchard notes or theft of funds by forging spend authorizations. Attackers could bypass hardware wallet protections if the linked software wallet was compromised. However, no exploitation occurred, and the total ZEC supply remained intact due to Zcash's turnstile mechanism. Users running vulnerable versions of Zcash software (halo2_gadgets <0.5.0, orchard <0.14.0, zcash_primitives <0.28.0, zcashd <6.20.0, zebrad <5.0.0) were at risk until upgrading.

Compliance Impact

The vulnerability does not directly affect compliance with GDPR or HIPAA as it pertains to cryptographic integrity within the Zcash blockchain. However, potential double-spending or fund theft risks could indirectly impact data integrity and financial compliance requirements. The Zcash Foundation and developers addressed the issue through rapid emergency updates to prevent exploitation.

Mitigation Strategies
  • Upgrade all Zcash components to patched versions: zebrad 5.0.0+, halo2_gadgets 0.5.0+, orchard 0.14.0+, zcash_primitives 0.28.0+, zcashd 6.20.0+.
  • Disable Orchard transactions temporarily if running pre-5.0.0 Zebra versions until upgrade completes.
  • Monitor network upgrades at block height 3,364,600 for NU6.2 activation to ensure compliance.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54496. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart