CVE-2026-35679: Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could

Description

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.

Affected Products

Vendor	Product	Versions
zcash	zcashd	0

References

Related News (1 articles)

Tier C

VulDB63d ago

CVE-2026-35679 | Zcash zcashd up to 6.11.x Transaction security check

→ No new info (linked only)

CVSS 3.13.5 LOW

VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

6.12.0

CWECWE-358

PublishedApr 5, 2026

Last enriched63d agov2

Trending Score0

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

Version History

Last enriched 63d ago

v2Tier C63d ago

Updated affected versions to 6.11.x, changed severity to MEDIUM, and noted that no exploit is available.

affectedVersionsseverity

via VulDB

v164d ago

Initial creation

CVE-2026-35679: Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History