🔴 《严重安全漏洞:CVE-2026-54496》

CVSS 评分: 严重(9.3)  状态: Received  发布时间: 2026-07-17


漏洞描述

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2_gadgets/src/ecc/chip/mul/incomplete.rs used assign_advice() for the base point without a copy constraint tying it to the actual base, allowing a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point and bypass the diversified-address-integrity check that binds pk_d, g_d, ivk, the nullifier (nf), and the spend validating key (ak) to the note being spent. This issue is fixed in zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0.


🔍 技术细节

字段
CVE ID CVE-2026-54496
CVSS 评分 9.3 🔴
严重程度 严重
CVSS 向量 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
CWE 分类 CWE-345
发布时间 2026-07-17
最后更新 2026-07-17
状态 Received
数据来源 security-advisories@github.com

🔗 参考链接