In a recent tweet, Zcash Open Development Lab (ZODL) shares a security disclosure regarding zcashd and Zebra vulnerabilities that have been discovered and fixed, including a bug that could crash nodes handling some Orchard transactions.
With this in mind, ZODL said it released zcashd v6.12.1 and the Zcash Foundation released Zebra v4.3.1, fixing four vulnerabilities, including an Orchard action encoding bug that could crash nodes and a related consensus issue between the two clients.
Security Disclosure: We released zcashd v6.12.1 and the Zcash Foundation released Zebra v4.3.1, fixing four vulnerabilities, including an Orchard action encoding bug that could crash nodes and a related consensus sharing issue between the two clients.
Mining pools…
– Zcash Open Dev Lab (@zodl_co) April 17, 2026
Multiple vulnerabilities in zcashd and Zebra were discovered and fixed, including a bug that could crash nodes handling some Orchard transactions, a consensus enforcement gap between the two implementations that could have triggered a chain fork, a bug that could disable zcashd’s round-robin accounting enforcement, and undefined behavior due to unchecked integer arithmetic in pool balance calculations.
Mining pools running both implementations have already deployed patches, with no evidence that any of the bugs have been exploited.
Additionally, the vulnerabilities have not been exploited to affect the consensus chain. Zcash maintains that all user funds remain safe and user privacy is not threatened. None of these vulnerabilities could, on their own, have been used to inflate $ZEC provide. provide.
Both Zcashd and Zebra required fixes and were updated in coordination before public release.
Mining pools representing a large majority of the network’s hashing power and the main operator running Zebra in mining production patches deployed ahead of the disclosure.
Zcash News
Zcash Shielded pool recently reached an all-time high, 31% of total $ZEC is now in the encrypted pool. A year ago, this figure was 11%, but now 59% of transactions are protected.
Zcash is actively testing NIST-standardized lattice-based cryptography (ML-KEM, ML-DSA) in an effort to prepare for post-quantum. This comes after Google’s March 31 paper showed that quantum threats are 20 times closer than previously thought.
Zcash Network’s hash rate also set a new all-time high at 16.54 GS/s, indicating miner engagement more than ever.