CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

RedhatCVE•added 2025/05/17 8:2 p.m.•14 views

CVE-2025-46834

Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...

8.7CVSS6.9AI score0.00376EPSS

Exploits0References1

NVD•added 2025/05/15 8:16 p.m.•7 views

CVE-2025-46834

8.7CVSS0.00376EPSS

Exploits0References2

CVE•added 2025/05/15 7:37 p.m.•29 views

CVE-2025-46834

Summary: CVE-2025-46834 concerns Alchemy’s Modular Account (2.x branch) prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, where the allowlist module fails to check the path from executeUserOp to execute or executeBatch. This gap permits any session key to bypass access controls and access...

8.7CVSS6.8AI score0.00376EPSS

Exploits0References2

OSV•added 2025/05/15 7:37 p.m.•4 views

CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook

8.7CVSS6.7AI score0.00376EPSS

Exploits0References4

CNNVD•added 2025/05/15 12:0 a.m.•2 views

Modular Account 安全漏洞

Modular Account is an open source application from Alchemy. A security vulnerability exists in Modular Account that stems from the allowlist module not checking the executeUserOp path, which could lead to bypassing access control restrictions...

8.7CVSS6.6AI score0.00376EPSS

Exploits0References2

OSV•added 2025/04/29 3:11 p.m.•2 views

GHSA-WFM2-RQ5G-F8V5 @account-kit/smart-contracts Allowlist Module Bypass Vulnerability

Summary Allowlist module contains a bypass vulnerability Details The logic for using an allowlist on a Modular Account V2 contained a bug that allowed session keys to bypass any allowlist configuration Action If you are using @aa-sdk and/or @account-kit/smart-contracts between the versions of...

8.7CVSS7.1AI score

Exploits0References3