Zcash Foundation has urged Zebra node operators to upgrade immediately. In a post on X, the foundation said Zebra version 4.5.0 addresses flaws that could disrupt network operations, stop nodes from synchronizing, or cause disagreements over valid blockchain data.
The security update comes as Zcash developers continue to strengthen the network’s infrastructure and expand its privacy features. Alongside the security fixes, Zebra 4.5.0 adds support for mining rewards to be sent directly to shielded addresses. The feature allows miners to receive rewards without publicly exposing transaction details, further advancing one of Zcash’s core goals.
Consensus bug raised chain split risks
The most critical vulnerability affected Zebra’s transparent script parser (P2SH redeem scripts with disabled opcodes), creating a risk that some nodes could interpret blockchain data differently. According to the Zcash Foundation, the bug caused Zebra to undercount signature operations against the 20,000-sigop block limit.
As a result, the software could accept blocks that other Zcash implementations would reject, increasing the possibility of network disagreement or, in an extreme scenario, a chain split. The foundation credited researcher Samsulselfut with discovering the issue.
Developers also addressed several high- and medium-severity denial-of-service vulnerabilities that could affect network stability. These include node panics on consensus-valid blocks (e.g., address balance overflow causing permanent halts on restart), mempool queue monopolization by malicious peers, sync restart poisoning, subtree corruption after forks, RPC panics, and memory leaks. All listed issues were fixed with no effective workarounds; full details and 11+ advisories are in the official announcement.
Security review produced dozens of findings
The update follows a broad security review of Zebra, Zcash’s node software, that uncovered weaknesses across several parts of the system.
According to the Zcash Foundation, researchers submitted more than 80 reports through its ZCG Vulnerability Disclosure Initiative. The findings helped developers identify and fix issues affecting networking, transaction validation, blockchain synchronization, wallet functions, and balance calculations.
The review led to a series of software improvements designed to make Zebra more secure and resilient. The latest release incorporates those fixes as the foundation works to strengthen the reliability of the network’s core infrastructure.
The foundation also said no effective workaround exists for the vulnerabilities addressed in the release. As a result, it urged all Zebra node operators to upgrade to version 4.5.0 as soon as possible to ensure continued network security and stability.
Privacy network gains fresh attention
Zcash has also attracted renewed interest from a segment of early cryptocurrency investors seeking stronger privacy protections. According to a recent report by The Wall Street Journal, some longtime Bitcoin supporters have started exploring Zcash because of its ability to shield transaction details from public view.
Further, Bitcoin transactions are recorded on a transparent blockchain, while Zcash offers an optional privacy feature that can hide wallet addresses and transaction amounts using a cryptographic system called zk-SNARKs.
The renewed attention arrives as Zcash’s developers work to strengthen the network’s underlying infrastructure. The Zcash Foundation said Zebra 4.5.0 fixes a critical consensus vulnerability and several high-risk denial-of-service issues that could affect node performance. The organization urged all node operators to upgrade immediately.
The foundation remains in a relatively stable financial position as it continues funding development and network maintenance. At the end of the first quarter of 2026, it reported about $36.7 million in liquid assets, including roughly $21 million worth of ZEC tokens and $12.6 million held in cash and USDC. Quarterly operating expenses totaled about $817,000.
Also Read: Circle Blocks Zama Confidential USDC Contract Freezing $12.6M in User Funds
