<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-28T16:08:27.053727+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2a5312d2-936f-49e2-b94b-72e85cb46b4f/export</id>
    <title>2a5312d2-936f-49e2-b94b-72e85cb46b4f</title>
    <updated>2026-05-28T16:08:28.636239+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2a5312d2-936f-49e2-b94b-72e85cb46b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4449", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmnvmckqv2x", "content": "", "creation_timestamp": "2026-03-22T04:00:58.400006Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2a5312d2-936f-49e2-b94b-72e85cb46b4f/export"/>
    <published>2026-03-22T04:00:58.400006+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1931c040-ed4f-47f8-97ee-454ce01e4004/export</id>
    <title>1931c040-ed4f-47f8-97ee-454ce01e4004</title>
    <updated>2026-05-28T16:08:28.635251+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cve.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "1931c040-ed4f-47f8-97ee-454ce01e4004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4449", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260324", "content": "", "creation_timestamp": "2026-03-24T01:00:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1931c040-ed4f-47f8-97ee-454ce01e4004/export"/>
    <published>2026-03-24T01:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/870d97b2-aac9-4e96-a38b-05526fc9fe59/export</id>
    <title>870d97b2-aac9-4e96-a38b-05526fc9fe59</title>
    <updated>2026-05-28T16:08:28.635175+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "870d97b2-aac9-4e96-a38b-05526fc9fe59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44499", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mleeu5cpdq2v", "content": "CVE-2026-44499 - ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning\nCVE ID : CVE-2026-44499\n \n Published : May 8, 2026, 4:16 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4....", "creation_timestamp": "2026-05-08T18:38:33.638031Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/870d97b2-aac9-4e96-a38b-05526fc9fe59/export"/>
    <published>2026-05-08T18:38:33.638031+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c71499fc-44c6-4a36-9940-8659052150fa/export</id>
    <title>c71499fc-44c6-4a36-9940-8659052150fa</title>
    <updated>2026-05-28T16:08:28.635090+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c71499fc-44c6-4a36-9940-8659052150fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44497", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlefxc4vyb2n", "content": "CVE-2026-44497 - ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer\nCVE ID : CVE-2026-44497\n \n Published : May 8, 2026, 3:17 p.m. | 3\u00a0hours, 3\u00a0minutes ago\n \n Description : ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad ve...", "creation_timestamp": "2026-05-08T18:58:13.013991Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c71499fc-44c6-4a36-9940-8659052150fa/export"/>
    <published>2026-05-08T18:58:13.013991+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4c2c7a85-57a4-487b-bfa3-f5d619b979b9/export</id>
    <title>4c2c7a85-57a4-487b-bfa3-f5d619b979b9</title>
    <updated>2026-05-28T16:08:28.635010+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4c2c7a85-57a4-487b-bfa3-f5d619b979b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44497", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleg2thkp72q", "content": "\ud83d\udd34 CVE-2026-44497 - Critical (9.1)\n\nZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44497/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T19:00:12.474969Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4c2c7a85-57a4-487b-bfa3-f5d619b979b9/export"/>
    <published>2026-05-08T19:00:12.474969+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2a78fe9a-4b6a-4e5a-a04f-86701338bc12/export</id>
    <title>2a78fe9a-4b6a-4e5a-a04f-86701338bc12</title>
    <updated>2026-05-28T16:08:28.634923+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2a78fe9a-4b6a-4e5a-a04f-86701338bc12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44498", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleg32ofn226", "content": "\ud83d\udfe0 CVE-2026-44498 - High (7.5)\n\nZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator u...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44498/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T19:00:19.765601Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2a78fe9a-4b6a-4e5a-a04f-86701338bc12/export"/>
    <published>2026-05-08T19:00:19.765601+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0ceb82f1-e40b-427c-92e6-d54f9696b1cc/export</id>
    <title>0ceb82f1-e40b-427c-92e6-d54f9696b1cc</title>
    <updated>2026-05-28T16:08:28.634797+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0ceb82f1-e40b-427c-92e6-d54f9696b1cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44498", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mleh34z5ru2q", "content": "CVE-2026-44498 - ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops\nCVE ID : CVE-2026-44498\n \n Published : May 8, 2026, 3:17 p.m. | 3\u00a0hours, 3\u00a0minutes ago\n \n Description : ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator ...", "creation_timestamp": "2026-05-08T19:18:15.754874Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0ceb82f1-e40b-427c-92e6-d54f9696b1cc/export"/>
    <published>2026-05-08T19:18:15.754874+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/173b3b7b-e3ff-47a8-a9ea-3c48a649edf1/export</id>
    <title>173b3b7b-e3ff-47a8-a9ea-3c48a649edf1</title>
    <updated>2026-05-28T16:08:28.632023+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "173b3b7b-e3ff-47a8-a9ea-3c48a649edf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44499", "type": "seen", "source": "https://gist.github.com/alon710/b2fb36b6ecfecf3424b0cb12c54264f5", "content": "# CVE-2026-44499: CVE-2026-44499: Permanent Block Discovery Halt in Zebra via Gossip Queue Saturation\n\n&gt; **CVSS Score:** 8.7\n&gt; **Published:** 2026-05-08\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-44499\n\n## Summary\nCVE-2026-44499 is a composite Denial of Service (DoS) vulnerability affecting Zebra, the Rust implementation of a Zcash full node. By exploiting architectural flaws in the peer-to-peer (P2P) communication stack, an unauthenticated attacker can saturate internal message queues and poison the chain discovery process, permanently isolating the target node from the network.\n\n## TL;DR\nUnauthenticated attackers can permanently halt block discovery in Zebra nodes prior to v4.4.0 by saturating the P2P gossip queue and providing unpenalized empty responses to synchronization requests.\n\n## Technical Details\n\n- **CVSS Score**: 8.7\n- **CWE ID**: CWE-770\n- **Attack Vector**: Network\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n- **Authentication**: None Required\n\n## Affected Systems\n\n- Zebra &lt; 4.4.0\n- **Zebra**: &lt; 4.4.0 (Fixed in: `4.4.0`)\n\n## Mitigation\n\n- Upgrade to Zebra version 4.4.0 or later.\n- Implement network-level rate limiting for inbound P2P connections.\n- Monitor node synchronization metrics for abrupt halts in block height progression.\n\n**Remediation Steps:**\n1. Stop the affected Zebra service gracefully.\n2. Update the Zebra binary to version 4.4.0 via your package manager or by compiling from the official repository.\n3. Restart the Zebra service and monitor the logs to verify successful synchronization with the network.\n\n## References\n\n- [GitHub Security Advisory: GHSA-h9hm-m2xj-4rq9](https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-h9hm-m2xj-4rq9)\n- [CVE.org Record for CVE-2026-44499](https://www.cve.org/CVERecord?id=CVE-2026-44499)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-44499) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T20:10:29.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/173b3b7b-e3ff-47a8-a9ea-3c48a649edf1/export"/>
    <published>2026-05-08T20:10:29+00:00</published>
  </entry>
</feed>
