Vulnerability Database

Published: Apr 29, 2025
Updated: Apr 30, 2025
GHSA: <a href="https://github.com/advisories/GHSA-wfm2-rq5g-f8v5" target="_blank" rel="noopener"> GHSA-wfm2-rq5g-f8v5
Severity: Medium
Exploit:

301,409

Total vulnerabilities in the database

Allowlist module contains a bypass vulnerability

The logic for using an allowlist on a Modular Account V2 contained a bug that allowed session keys to bypass any allowlist configuration

If you are using @aa-sdk and/or @account-kit/smart-contracts between the versions of >=4.8.0 and <4.28.1, please upgrade to 4.28.2

No technical information available.

CWEs:

Software	From	Fixed in
@account-kit / smart-contracts	4.8.0	4.28.2

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.