Key Highlights
- Zebra 4.4.0 addresses multiple bugs, including consensus-related issues that could impact network stability.
- The update fixes a vulnerability that could stall block discovery through gossip queue saturation.
- Updates resolve discrepancies in sigops counting and sighash behavior that could lead to chain splits.
The Zcash Foundation has launched version 4.4.0 of Zebra, its Zcash protocol software built with Rust. This update fixes several security weaknesses, including important problems that could have affected how transactions are verified.
As an analyst, I’m flagging a critical update from the team regarding Zebra 4.4.0. They’ve announced that this version includes important fixes for several security vulnerabilities, and some of these affect the core consensus mechanism. They’re urging all node operators to upgrade to this version right away to protect their systems.
A new version of Zebra, 4.4.0, is now available with important security updates. This release includes fixes for several serious vulnerabilities, some of which could affect the core functioning of the network. We urge all those running Zebra nodes to update to this version right away.
— Zcash Foundation 🛡️ (@ZcashFoundation) May 2, 2026
The main fixesÂ
Zebra is a new program that works like the standard Zcash program (zcashd), but it’s built with the Rust programming language to be more secure and faster. This new version also fixes potential weaknesses that could cause problems with the network and how transactions are confirmed.
A key security flaw (identified as GHSA-28xj-328h-72vm) has been resolved. This vulnerability allowed an attacker to overwhelm the network with traffic using just one connection, slowing down the process of finding new blocks. Critically, the attacker could do this without being blocked or disconnected.
This update improves how the system handles missing data in FindBlocks and FindHeaders messages. It also resolves an issue with how block signature operations are counted during consensus (GHSA-jv4h-j224-23cc).
Zebra previously didn’t calculate ‘sigops’ for Coinbase transactions or consider the total sigops from complex transactions (P2SH redeem scripts) when checking the 20,000 sigop limit. This meant that Zebra might reject blocks that Zcashd considered valid.
This update fixes an issue where how the system handles digital signatures didn’t match expectations (GHSA-gq4h-3grw-2rhv). This mismatch was caused by problems with how data was managed when interacting with the core Bitcoin Script validation process.
Additional fixes
A recent update fixes an issue with how V5 transparent transactions handle a specific type of digital signature (SIGHASH_SINGLE), ensuring consistency. Additionally, the update improves network performance by reducing memory usage during data processing, addressing a potential security vulnerability.
Sometimes, the process of converting data into a usable format was allocating unnecessarily large amounts of memory. It was checking network limits first, rather than strictly following the protocol’s rules, which created a potential vulnerability where malicious actors could overload the system’s memory.
Zcash developers recently fixed four security weaknesses in the Zcash network after discovering issues that could have caused nodes to fail or even split the network. The updates, released as zcashd v6.12.1 and Zebra v4.3.1, were implemented quickly thanks to a coordinated disclosure process and are now being adopted throughout the Zcash community.
Upgrade recommended
The Zcash Foundation has announced that critical security flaws exist within the network and cannot be fixed with temporary solutions. They are strongly advising all those running Zcash nodes to update to the latest version right away to ensure the network remains secure and operates correctly.
You can download Zebra version 4.4.0 from the official project’s GitHub page. While the development team continues to support Zebra and the Zcash ecosystem, the network hasn’t gained as much traction as some other blockchains focused on privacy and smart contracts. However, it continues to appeal to users who prioritize privacy features.
Read More
- Brent Oil Forecast
- Bitcoin at Halfway Through Halving: Gains Lag Behind Previous Cycles
- Silver Rate Forecast
- Gold Rate Forecast
- USD CLP PREDICTION
- WLD PREDICTION. WLD cryptocurrency
- USD MYR PREDICTION
- DOGE PREDICTION. DOGE cryptocurrency
- USD TRY PREDICTION
- ADA PREDICTION. ADA cryptocurrency
2026-05-02 20:08