https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 10 May 2026 21:51:44 +0000 https://vulnerability.circl.lu/sighting/2a5312d2-936f-49e2-b94b-72e85cb46b4f/export {"uuid": "2a5312d2-936f-49e2-b94b-72e85cb46b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4449", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmnvmckqv2x", "content": "", "creation_timestamp": "2026-03-22T04:00:58.400006Z"} {"uuid": "2a5312d2-936f-49e2-b94b-72e85cb46b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4449", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmnvmckqv2x", "content": "", "creation_timestamp": "2026-03-22T04:00:58.400006Z"} https://vulnerability.circl.lu/sighting/2a5312d2-936f-49e2-b94b-72e85cb46b4f/export Sun, 22 Mar 2026 04:00:58 +0000 https://vulnerability.circl.lu/sighting/1931c040-ed4f-47f8-97ee-454ce01e4004/export {"uuid": "1931c040-ed4f-47f8-97ee-454ce01e4004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4449", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260324", "content": "", "creation_timestamp": "2026-03-24T01:00:00.000000Z"} {"uuid": "1931c040-ed4f-47f8-97ee-454ce01e4004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4449", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260324", "content": "", "creation_timestamp": "2026-03-24T01:00:00.000000Z"} https://vulnerability.circl.lu/sighting/1931c040-ed4f-47f8-97ee-454ce01e4004/export Tue, 24 Mar 2026 01:00:00 +0000 https://vulnerability.circl.lu/sighting/870d97b2-aac9-4e96-a38b-05526fc9fe59/export {"uuid": "870d97b2-aac9-4e96-a38b-05526fc9fe59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44499", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mleeu5cpdq2v", "content": "CVE-2026-44499 - ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning\nCVE ID : CVE-2026-44499\n \n Published : May 8, 2026, 4:16 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4....", "creation_timestamp": "2026-05-08T18:38:33.638031Z"} {"uuid": "870d97b2-aac9-4e96-a38b-05526fc9fe59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44499", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mleeu5cpdq2v", "content": "CVE-2026-44499 - ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning\nCVE ID : CVE-2026-44499\n \n Published : May 8, 2026, 4:16 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4....", "creation_timestamp": "2026-05-08T18:38:33.638031Z"} https://vulnerability.circl.lu/sighting/870d97b2-aac9-4e96-a38b-05526fc9fe59/export Fri, 08 May 2026 18:38:33 +0000 https://vulnerability.circl.lu/sighting/c71499fc-44c6-4a36-9940-8659052150fa/export {"uuid": "c71499fc-44c6-4a36-9940-8659052150fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44497", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlefxc4vyb2n", "content": "CVE-2026-44497 - ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer\nCVE ID : CVE-2026-44497\n \n Published : May 8, 2026, 3:17 p.m. | 3\u00a0hours, 3\u00a0minutes ago\n \n Description : ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad ve...", "creation_timestamp": "2026-05-08T18:58:13.013991Z"} {"uuid": "c71499fc-44c6-4a36-9940-8659052150fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44497", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlefxc4vyb2n", "content": "CVE-2026-44497 - ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer\nCVE ID : CVE-2026-44497\n \n Published : May 8, 2026, 3:17 p.m. | 3\u00a0hours, 3\u00a0minutes ago\n \n Description : ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad ve...", "creation_timestamp": "2026-05-08T18:58:13.013991Z"} https://vulnerability.circl.lu/sighting/c71499fc-44c6-4a36-9940-8659052150fa/export Fri, 08 May 2026 18:58:13 +0000 https://vulnerability.circl.lu/sighting/4c2c7a85-57a4-487b-bfa3-f5d619b979b9/export {"uuid": "4c2c7a85-57a4-487b-bfa3-f5d619b979b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44497", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleg2thkp72q", "content": "\ud83d\udd34 CVE-2026-44497 - Critical (9.1)\n\nZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44497/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T19:00:12.474969Z"} {"uuid": "4c2c7a85-57a4-487b-bfa3-f5d619b979b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44497", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleg2thkp72q", "content": "\ud83d\udd34 CVE-2026-44497 - Critical (9.1)\n\nZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44497/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T19:00:12.474969Z"} https://vulnerability.circl.lu/sighting/4c2c7a85-57a4-487b-bfa3-f5d619b979b9/export Fri, 08 May 2026 19:00:12 +0000 https://vulnerability.circl.lu/sighting/2a78fe9a-4b6a-4e5a-a04f-86701338bc12/export {"uuid": "2a78fe9a-4b6a-4e5a-a04f-86701338bc12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44498", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleg32ofn226", "content": "\ud83d\udfe0 CVE-2026-44498 - High (7.5)\n\nZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator u...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44498/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T19:00:19.765601Z"} {"uuid": "2a78fe9a-4b6a-4e5a-a04f-86701338bc12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44498", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleg32ofn226", "content": "\ud83d\udfe0 CVE-2026-44498 - High (7.5)\n\nZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator u...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44498/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T19:00:19.765601Z"} https://vulnerability.circl.lu/sighting/2a78fe9a-4b6a-4e5a-a04f-86701338bc12/export Fri, 08 May 2026 19:00:19 +0000 https://vulnerability.circl.lu/sighting/0ceb82f1-e40b-427c-92e6-d54f9696b1cc/export {"uuid": "0ceb82f1-e40b-427c-92e6-d54f9696b1cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44498", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mleh34z5ru2q", "content": "CVE-2026-44498 - ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops\nCVE ID : CVE-2026-44498\n \n Published : May 8, 2026, 3:17 p.m. | 3\u00a0hours, 3\u00a0minutes ago\n \n Description : ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator ...", "creation_timestamp": "2026-05-08T19:18:15.754874Z"} {"uuid": "0ceb82f1-e40b-427c-92e6-d54f9696b1cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44498", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mleh34z5ru2q", "content": "CVE-2026-44498 - ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops\nCVE ID : CVE-2026-44498\n \n Published : May 8, 2026, 3:17 p.m. | 3\u00a0hours, 3\u00a0minutes ago\n \n Description : ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator ...", "creation_timestamp": "2026-05-08T19:18:15.754874Z"} https://vulnerability.circl.lu/sighting/0ceb82f1-e40b-427c-92e6-d54f9696b1cc/export Fri, 08 May 2026 19:18:15 +0000 https://vulnerability.circl.lu/sighting/173b3b7b-e3ff-47a8-a9ea-3c48a649edf1/export {"uuid": "173b3b7b-e3ff-47a8-a9ea-3c48a649edf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44499", "type": "seen", "source": "https://gist.github.com/alon710/b2fb36b6ecfecf3424b0cb12c54264f5", "content": "# CVE-2026-44499: CVE-2026-44499: Permanent Block Discovery Halt in Zebra via Gossip Queue Saturation\n\n> **CVSS Score:** 8.7\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/CVE-2026-44499\n\n## Summary\nCVE-2026-44499 is a composite Denial of Service (DoS) vulnerability affecting Zebra, the Rust implementation of a Zcash full node. By exploiting architectural flaws in the peer-to-peer (P2P) communication stack, an unauthenticated attacker can saturate internal message queues and poison the chain discovery process, permanently isolating the target node from the network.\n\n## TL;DR\nUnauthenticated attackers can permanently halt block discovery in Zebra nodes prior to v4.4.0 by saturating the P2P gossip queue and providing unpenalized empty responses to synchronization requests.\n\n## Technical Details\n\n- **CVSS Score**: 8.7\n- **CWE ID**: CWE-770\n- **Attack Vector**: Network\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n- **Authentication**: None Required\n\n## Affected Systems\n\n- Zebra < 4.4.0\n- **Zebra**: < 4.4.0 (Fixed in: `4.4.0`)\n\n## Mitigation\n\n- Upgrade to Zebra version 4.4.0 or later.\n- Implement network-level rate limiting for inbound P2P connections.\n- Monitor node synchronization metrics for abrupt halts in block height progression.\n\n**Remediation Steps:**\n1. Stop the affected Zebra service gracefully.\n2. Update the Zebra binary to version 4.4.0 via your package manager or by compiling from the official repository.\n3. Restart the Zebra service and monitor the logs to verify successful synchronization with the network.\n\n## References\n\n- [GitHub Security Advisory: GHSA-h9hm-m2xj-4rq9](https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-h9hm-m2xj-4rq9)\n- [CVE.org Record for CVE-2026-44499](https://www.cve.org/CVERecord?id=CVE-2026-44499)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-44499) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T20:10:29.000000Z"} {"uuid": "173b3b7b-e3ff-47a8-a9ea-3c48a649edf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44499", "type": "seen", "source": "https://gist.github.com/alon710/b2fb36b6ecfecf3424b0cb12c54264f5", "content": "# CVE-2026-44499: CVE-2026-44499: Permanent Block Discovery Halt in Zebra via Gossip Queue Saturation\n\n> **CVSS Score:** 8.7\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/CVE-2026-44499\n\n## Summary\nCVE-2026-44499 is a composite Denial of Service (DoS) vulnerability affecting Zebra, the Rust implementation of a Zcash full node. By exploiting architectural flaws in the peer-to-peer (P2P) communication stack, an unauthenticated attacker can saturate internal message queues and poison the chain discovery process, permanently isolating the target node from the network.\n\n## TL;DR\nUnauthenticated attackers can permanently halt block discovery in Zebra nodes prior to v4.4.0 by saturating the P2P gossip queue and providing unpenalized empty responses to synchronization requests.\n\n## Technical Details\n\n- **CVSS Score**: 8.7\n- **CWE ID**: CWE-770\n- **Attack Vector**: Network\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n- **Authentication**: None Required\n\n## Affected Systems\n\n- Zebra < 4.4.0\n- **Zebra**: < 4.4.0 (Fixed in: `4.4.0`)\n\n## Mitigation\n\n- Upgrade to Zebra version 4.4.0 or later.\n- Implement network-level rate limiting for inbound P2P connections.\n- Monitor node synchronization metrics for abrupt halts in block height progression.\n\n**Remediation Steps:**\n1. Stop the affected Zebra service gracefully.\n2. Update the Zebra binary to version 4.4.0 via your package manager or by compiling from the official repository.\n3. Restart the Zebra service and monitor the logs to verify successful synchronization with the network.\n\n## References\n\n- [GitHub Security Advisory: GHSA-h9hm-m2xj-4rq9](https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-h9hm-m2xj-4rq9)\n- [CVE.org Record for CVE-2026-44499](https://www.cve.org/CVERecord?id=CVE-2026-44499)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-44499) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T20:10:29.000000Z"} https://vulnerability.circl.lu/sighting/173b3b7b-e3ff-47a8-a9ea-3c48a649edf1/export Fri, 08 May 2026 20:10:29 +0000