1. Home
  2. CVE Database
  3. CVE-2026-35679
LOW · 3.5

CVE-2026-35679

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometim...

Vulnerability Description

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-358

References

FAQ

What is CVE-2026-35679?

CVE-2026-35679 is a vulnerability with a CVSS score of 3.5 (LOW). Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometim...

How severe is CVE-2026-35679?

CVE-2026-35679 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-35679?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.