Improper Validation Vulnerability in ZenHive mpp Product
CVE-2026-59694
8.3HIGH
What is CVE-2026-59694?
The vulnerability in ZenHive mpp allows unauthenticated remote clients to exploit improper validation of input fields, particularly affecting the gas cost incurred by fee payers. When configured to pay fees, the mpp library fails to validate the EIP-2930 access list entries provided by clients. This can lead to substantial increases in gas costs for transactions as clients can submit a valid transfer alongside false entries that dramatically inflate the expenses. Sustained exploitation could severely impact operating margins for sponsors, leading to potential financial loss and drain on fee-payer wallets.
Affected Version(s)
mpp 0.2.0 < 0.6.0
mpp d29d54e507918db00a5b65d90136b73166c017d7 < 5d6338e2334084c5f2a78cfcca474830733ed7e8
