CVE-2026-35679

LOW

Zcash zcashd <6.12.0 - Invalid Transaction Validation

Title source: llm

Description

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.

References (2)

https://github.com/zcash/zcash/releases/tag/v6.12.0

https://github.com/zcash/zcash/commit/db969c63f48f0f9fc518112ed0b7ace1af78b9d0

View Patch ZIP pw:eip

Scores

CVSS v3 3.5

EPSS 0.0001

EPSS Percentile 0.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-358

Status published

Products (1)

Zcash/zcashd < 6.12.0

Published Apr 05, 2026

Tracked Since Apr 06, 2026