🔴 严重 | CVE-2026-54496 — ZEBRA is a Zcash node written entirely in Rust. Pr...
🔴 《严重安全漏洞:CVE-2026-54496》
CVSS 评分: 严重(9.3) 状态: Received 发布时间: 2026-07-17
漏洞描述
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2_gadgets/src/ecc/chip/mul/incomplete.rs used assign_advice() for the base point without a copy constraint tying it to the actual base, allowing a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point and bypass the diversified-address-integrity check that binds pk_d, g_d, ivk, the nullifier (nf), and the spend validating key (ak) to the note being spent. This issue is fixed in zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0.
🔍 技术细节
| 字段 | 值 |
|---|---|
| CVE ID | CVE-2026-54496 |
| CVSS 评分 | 9.3 🔴 |
| 严重程度 | 严重 |
| CVSS 向量 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L |
| CWE 分类 | CWE-345 |
| 发布时间 | 2026-07-17 |
| 最后更新 | 2026-07-17 |
| 状态 | Received |
| 数据来源 | security-advisories@github.com |
🔗 参考链接
https://github.com/ZcashFoundation/zebra/releases/tag/v5.0.0
https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-ww9q-8r59-xv46
https://github.com/zcash/halo2/releases/tag/halo2_gadgets-0.5.0
https://github.com/zcash/librustzcash/releases/tag/zcash_primitives-0.28.0
https://zfnd.org/zebra-4-5-3-and-5-0-0-emergency-soft-fork-and-nu6-2-activation