Zcash Foundation states that Zebra 4.5.0 fixes a consensus fork risk with zcashd and several high-severity denial-of-service issues, prompting an urgent upgrade recommendation for node operators.
Zcash Foundation released Zebra 4.5.0 with fixes for a consensus-critical vulnerability and multiple high-severity denial-of-service issues in the Zcash node software. The update corrects a P2SH sigop counting error that could have caused Zebra to fork from zcashd, and also patches flaws involving the NU5 block validation cache, transparent address balance overflow, RPC, and the mempool. Node operators were strongly urged to upgrade immediately. The existing information also indicates the release adds ZIP-213 support and forms part of a broader security hardening effort covering more than 80 security reports disclosed in April-May 2026.