Vulnerability Description
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent weaknesses in the gossip, syncer, and download subsystems — all exercisable from a single TCP connection — to create a monotonically growing block deficit that never self-heals. This issue has been patched in version 4.4.0.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-44499?
CVE-2026-44499 is a documented vulnerability. ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to per...
How severe is CVE-2026-44499?
CVSS scoring is not yet available for CVE-2026-44499. Check NVD for updates.
Is there a patch for CVE-2026-44499?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.