Listen to this Post
How the CVE Works
Zebra’s JSON-RPC HTTP middleware treats a failure to read the incoming HTTP request body as an unrecoverable error. An authenticated client can disconnect after sending only part of a the request body (e.g., by resetting the TCP connection mid‑transfer). Instead of returning an error response, Zebra aborts the process, causing the node to crash. The vulnerability requires authentication (a valid RPC cookie when cookie authentication is enabled) and can be exploited only by clients that have passed authentication.
DailyCVE Form
- Platform: Zebra (RPC)
- Version: 2.2.0 – 4.3.1
- Vulnerability: DoS via interrupted request
- Severity: Moderate
- date: 2026‑04‑17
- Prediction: 2026‑04‑20
What Undercode Say
Check your Zebra version zebrad --version If vulnerable, upgrade immediately cargo install --git https://github.com/ZcashFoundation/zebra.git --tag 4.3.1
Exploit
An attacker with a valid RPC cookie can:
1. Initiate a JSON‑RPC request.
- Send only part of the HTTP request body.
- Close the TCP connection (e.g., send a TCP RST packet).
- The node crashes instead of returning an error.
Protection from this CVE
- Upgrade to Zebra 4.3.1 or later.
- If upgrading is not possible, ensure the RPC port is not exposed to untrusted networks and that cookie authentication remains enabled (default).
Impact
- Attack Vector: Network, authenticated (requires valid RPC cookie).
- Effect: Immediate crash of the Zebra node.
- Scope: Any node whose RPC interface is reachable by a client with valid credentials, or any node with cookie authentication disabled and an exposed RPC interface.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

