MEDIUM
Ledger
CVE published 2026-05-20
CVE-2023-7346
CVE-2023-7346 describes an address-derivation flaw in Ledger Bitcoin app versions 2.1.0 and 2.1.1. A maliciously crafted Miniscript policy containing the a: fragment can cause the device to derive and display an incorrect receiving Bitcoin address, creating a risk that funds are sent to the wrong destination. The supplied CVE record rates the issue Medium (CVSS 4.1), and the NVD entry cites Ledger’s discl [truncated]