CVE-2026-35679 | THREATINT

Description

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs.

PUBLISHED Reserved 2026-04-05 | Published 2026-04-05 | Updated 2026-04-06 | Assigner mitre

LOW: 3.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Problem types

CWE-358 Improperly Implemented Security Check for Standard

Product status

Default status

unaffected

Any version before 6.12.0

affected

References

github.com/zcash/zcash/releases/tag/v6.12.0

github.com/...ommit/db969c63f48f0f9fc518112ed0b7ace1af78b9d0

cve.org (CVE-2026-35679)

nvd.nist.gov (CVE-2026-35679)

Download JSON