GHSA-gf9r-m956-97qx: zebrad has consensus divergence via P2SH sigop undercount in pure-Rust disabled-opcode parser
A consensus divergence vulnerability exists in zebrad up to and including v4.4.1 due to an incorrect P2SH sigop counting implementation in its pure-Rust disabled-opcode parser. This causes Zebra nodes to accept blocks that zcashd nodes reject when the block-wide MAX_BLOCK_SIGOPS threshold is exceeded on one side but not the other. An attacker can exploit this by broadcasting transactions with malicious redeem scripts containing disabled opcodes followed by sigops, causing a chain split between Zebra and zcashd validators. The issue is patched in Zebra 4.4.2 by routing the P2SH sigop counter through the same C++ FFI used by the legacy sigop counter. No configuration workaround exists; upgrading is required to remediate.
AI Analysis
Technical Summary
The vulnerability arises from Zebra's P2SH sigop counter using a pure-Rust code path that short-circuits on a disabled opcode, so any sigops that follow the disabled opcode contribute zero to the count. The reference implementation zcashd, by contrast, keeps counting through disabled opcodes during static sigop analysis. This discrepancy leads to consensus divergence when the MAX_BLOCK_SIGOPS threshold (20,000) is crossed on one side but not the other. An attacker can exploit this by broadcasting transactions spending P2SH outputs with redeem scripts containing disabled opcodes followed by multiple OP_CHECKMULTISIG opcodes, causing Zebra to undercount sigops and accept blocks that zcashd rejects. The vulnerability affects all default configurations of zebrad up to v4.4.1 on any network shared with zcashd nodes. The issue is fixed in Zebra 4.4.2 by changing the P2SH sigop counting to use the C++ FFI path consistent with legacy sigop counting.
Potential Impact
This vulnerability can cause a chain split between Zebra and zcashd validators on networks where both participate. Zebra nodes may accept blocks containing transactions with malicious redeem scripts that zcashd nodes reject due to exceeding the sigop limit. Approximately 30% of the current network hashrate is estimated to be Zebra miners, so this can lead to significant network divergence. The attacker does not require mining capability or special privileges; only the ability to broadcast crafted transactions. The cost to the attacker is limited to transaction fees. This undermines network consensus and stability.
Mitigation Recommendations
A patch is available in Zebra version 4.4.2 that fixes the P2SH sigop counting to use the C++ FFI path consistent with the reference implementation. There is no configuration-level workaround. Operators should upgrade to Zebra 4.4.2 or later as soon as possible to prevent chain splits and consensus divergence.
Technical Details
- GCVE Source: db.gcve.eu
- OSV ID: GHSA-gf9r-m956-97qx
- OSV Schema Version: 1.4.0
- Aliases: CVE-2026-52735
- Ecosystems: crates.io
- Database Specific Severity: CRITICAL
- CVSS Version: 4.0
Threat ID: 6a46ecb627e9c7971943c9b1
Added to database: 07/02/2026, 22:56:54 UTC
Last enriched: 07/02/2026, 23:11:23 UTC
Last updated: 07/02/2026, 23:11:23 UTC