CVE-2026-35679 Zcash — Exploit & Vulnerability Details LOW

CVE-2026-35679

LOW CVSS 3.1: 3.5 EPSS 0.01%

Parameter	Value
CVSS	3.5 (LOW)
Affected Versions	before 6.12.0
Type	CWE-358
Vendor	Zcash
Public PoC	No

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-358

References 2

https://github.com/zcash/zcash/commit/db969c63f48f0f9fc518112ed0b7ace1af78b9d0

cve@mitre.org

https://github.com/zcash/zcash/releases/tag/v6.12.0

cve@mitre.org

Share Post Share Share Share

Menu

CVE-2026-35679

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Menu

CVE-2026-35679

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Stay informed on cybersecurity