Auth bypass in Alchemyplatform Modular-account
CVE-2025-46834
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys…
Vulnerability class: Broken Access Control
EPSS: 0.003 (25.4th percentile) — read the EPSS interpretation.
Affected products
- Alchemyplatform Modular-account — versions = 2.0.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)