Back to overview

CVE-2026-54496

CRITICAL
9.3
CVSS 3.1
Description
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2_gadgets/src/ecc/chip/mul/incomplete.rs used assign_advice() for the base point without a copy constraint tying it to the actual base, allowing a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point and bypass the diversified-address-integrity check that binds pk_d, g_d, ivk, the nullifier (nf), and the spend validating key (ak) to the note being spent. This issue is fixed in zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0.

Metadata

CVE ID
CVE-2026-54496
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-06-15 18:01 UTC
Published
2026-07-17 16:59 UTC
Last updated
2026-07-17 17:23 UTC
Primary CWE
CWE-345
CWE-345: Insufficient Verification of Data Authenticity
Vendor / Product
ZcashFoundation / zebra
Sources
cve.org  ·  NVD

Severity & Metrics

9.3 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (5)
VendorProductPlatformVersions
zcash halo2_gadgets < 0.5.0
zcash librustzcash < 0.28.0
zcash orchard < 0.14.0
zcash zcash < 6.20.0
ZcashFoundation zebra < 5.0.0
Weakness (CWE)
CWESourceDescription
CWE-345 cna CWE-345: Insufficient Verification of Data Authenticity
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.3 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
References (7)
Back to overview