CVE-2026-44499: CVE-2026-44499: Permanent Block Discovery Halt in Zebra via Gossip Queue Saturation

1 / 2

CVE-2026-44499: CVE-2026-44499: Permanent Block Discovery Halt in Zebra via Gossip Queue Saturation

DEV Community·CVE Reports·24 days ago

#Vyp8n6kD

#commit #security #cve #cybersecurity #zebra #network

Reading 0:00

15s threshold

CVE-2026-44499: Permanent Block Discovery Halt in Zebra via Gossip Queue Saturation Vulnerability ID: CVE-2026-44499 CVSS Score: 8.7 Published: 2026-05-08 CVE-2026-44499 is a composite Denial of Service (DoS) vulnerability affecting Zebra, the Rust implementation of a Zcash full node. By exploiting architectural flaws in the peer-to-peer (P2P) communication stack, an unauthenticated attacker can saturate internal message queues and poison the chain discovery process, permanently isolating the target node from the network. TL;DR Unauthenticated attackers can permanently halt block discovery in Zebra nodes prior to v4.4.0 by saturating the P2P gossip queue and providing unpenalized empty responses to synchronization requests.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

CVE-2026-44499: CVE-2026-44499: Permanent Block Discovery Halt in Zebra via Gossip Queue Saturation