Auth bypass in Alchemyplatform Modular-account

CVE-2025-46834

Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys…

Vulnerability class: Broken Access Control

EPSS: 0.003 (25.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References