Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

GHSA-qv2r-v3mx-f4pf: zebrad has full node denial of service via non-ASCII LongPollId in getblocktemplate

0
Medium
Published: 07/02/2026 (07/02/2026, 19:28:03 UTC)
Source: GCVE Database
Product: zebra-rpc

Description

A vulnerability in zebrad up to and including v4.4.1 allows an authenticated RPC client to cause a denial of service by sending a getblocktemplate request with a non-ASCII LongPollId. The RPC handler performs byte-index slicing on the LongPollId string, which panics in Rust when multi-byte UTF-8 characters are present, terminating the entire node process. This affects nodes with RPC enabled via a TCP address and requires attacker authentication to the RPC endpoint. The issue is fixed in zebrad 4.5.0 and zebra-rpc 8.0.0.

CVSS v3.1

Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected software

crates.ioghsa
zebra-rpc
Affected versions
<8.0.0
crates.ioghsa
zebrad
Affected versions
<4.5.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/02/2026, 23:12:51 UTC

Technical Analysis

The getblocktemplate RPC handler in zebrad versions up to v4.4.1 panics when parsing a LongPollId parameter containing non-ASCII UTF-8 characters due to byte-index string slicing that can land inside a multi-byte character boundary. Because zebrad is compiled with panic = "abort", this panic terminates the entire node process, resulting in a full node denial of service. The vulnerability requires the RPC server to be enabled on a TCP address and attacker authentication to the RPC endpoint. The issue is resolved by replacing byte-index slicing with character-aware parsing or validating the LongPollId as ASCII-only. Fixed in zebrad 4.5.0 and zebra-rpc 8.0.0.

Potential Impact

An authenticated attacker can send a specially crafted getblocktemplate RPC request with a non-ASCII LongPollId string, causing the zebrad node process to panic and terminate. This results in a full node denial of service. The impact affects mining pools and infrastructure that forward getblocktemplate calls. The denial of service is repeatable on node restart until patched or mitigated.

Mitigation Recommendations

A fix is available in zebrad 4.5.0 and zebra-rpc 8.0.0. Until upgrading, mitigate by disabling the RPC server (remove rpc.listen_addr from zebrad.toml), ensuring enable_cookie_auth is true and restricting access to the .cookie file, or placing a reverse proxy in front of the RPC port to validate that LongPollId parameters contain only ASCII characters before forwarding.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
GHSA-qv2r-v3mx-f4pf
Osv Schema Version
1.4.0
Aliases
["CVE-2026-52731"]
Ecosystems
["crates.io"]
Database Specific Severity
MODERATE
Cvss Version
3.1

Threat ID: 6a46ecb927e9c7971943cb2c

Added to database: 07/02/2026, 22:56:57 UTC

Last enriched: 07/02/2026, 23:12:51 UTC

Last updated: 07/03/2026, 03:26:55 UTC

Views: 4

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses