CVE-2026-35679
Summary
| CVE | CVE-2026-35679 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-05 22:16:01 UTC |
| Updated | 2026-04-07 13:20:35 UTC |
| Description | Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs. |
Risk And Classification
Primary CVSS: v3.1 3.5 LOW from [email protected]
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.000080000 probability, percentile 0.007210000 (date 2026-04-07)
Problem Types: CWE-358 | CWE-358 CWE-358 Improperly Implemented Security Check for Standard
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 3.5 | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N |
| 3.1 | CNA | CVSS | 3.5 | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
LowUser Interaction
NoneScope
ChangedConfidentiality
NoneIntegrity
LowAvailability
NoneCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/zcash/zcash/releases/tag/v6.12.0 | [email protected] | github.com | |
| github.com/zcash/zcash/commit/db969c63f48f0f9fc518112ed0b7ace1af78b9d0 | [email protected] | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.