The vulnerability arises from a logic error in Zebra’s transaction verification cache. A malicious miner can craft a transaction that passes verification at a given height but fails once the block is confirmed. If such a transaction is included in a block that reaches the accepted height, Zebra nodes may accept an invalid block. This leads to a consensus split, allowing the faulty block to propagate in a subset of nodes while the rest of the network follows the correct chain. The weakness corresponds to CWE-1025, representing a logic or algorithmic flaw.

Zebra nodes built from the ZcashFoundation’s zebrad code base before version 4.3.1 and the zebra-consensus library before version 5.0.2 are vulnerable. These include ZcashFoundation:zebra-consensus and ZcashFoundation:zebrad products. Nodes running newer releases are not affected.

The CVSS score of 7.2 indicates medium to high severity. No EPSS score is populated, so current exploit probability is unknown, but the vulnerability requires a miner capable of submitting blocks on the network. It permits a malicious actor to induce a split in the blockchain, potentially creating a temporary fork until the issue is resolved. The fault is not listed in the CISA KEV catalog, and no publicly disclosed exploits have been reported. Because the condition to trigger the bug depends on transaction submission and mining, an attacker would need direct mining or controlling a mining pool. Nevertheless, the potential impact on consensus integrity makes it a significant risk for operators of full nodes.