Zebra (JSON-RPC), Denial of Service (DoS), CVE-2026-40881 (Moderate)

Listen to this Post

How the CVE Works

Zebra’s JSON-RPC HTTP middleware treats a failure to read the incoming HTTP request body as an unrecoverable error. An authenticated client can disconnect after sending only part of a the request body (e.g., by resetting the TCP connection mid‑transfer). Instead of returning an error response, Zebra aborts the process, causing the node to crash. The vulnerability requires authentication (a valid RPC cookie when cookie authentication is enabled) and can be exploited only by clients that have passed authentication.

DailyCVE Form

  • Platform: Zebra (RPC)
  • Version: 2.2.0 – 4.3.1
  • Vulnerability: DoS via interrupted request
  • Severity: Moderate
  • date: 2026‑04‑17
  • Prediction: 2026‑04‑20

What Undercode Say

Check your Zebra version
zebrad --version
If vulnerable, upgrade immediately
cargo install --git https://github.com/ZcashFoundation/zebra.git --tag 4.3.1

Exploit

An attacker with a valid RPC cookie can:

1. Initiate a JSON‑RPC request.

  1. Send only part of the HTTP request body.
  2. Close the TCP connection (e.g., send a TCP RST packet).
  3. The node crashes instead of returning an error.

Protection from this CVE

  • Upgrade to Zebra 4.3.1 or later.
  • If upgrading is not possible, ensure the RPC port is not exposed to untrusted networks and that cookie authentication remains enabled (default).

Impact

  • Attack Vector: Network, authenticated (requires valid RPC cookie).
  • Effect: Immediate crash of the Zebra node.
  • Scope: Any node whose RPC interface is reachable by a client with valid credentials, or any node with cookie authentication disabled and an exposed RPC interface.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top