CVE-2026-35679 LOW

CVE-2026-35679

Vendor Zcash
Product zcashd
Weakness CWE-358
Published April 5, 2026
Last update April 6, 2026

CVSS base score

3.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.

Key dates

02Disclosure timeline

April 5, 2026 CVE published
April 6, 2026 Record updated