CVE-2026-59695 is a vulnerability in ZenHive's mpp library that allows an unauthenticated remote client to drain the fee-payer wallet by naming an arbitrarily high gas price. The vulnerability is caused by the improper validation of specified quantity in input in the mpp library. When the library is configured as a fee payer, it re-signs client-supplied base fields of the 0x76 AASigned envelope verbatim, [truncated]
CVE-2026-59694 is a vulnerability in ZenHive's mpp library, which allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. The vulnerability occurs when the mpp Elixir library is configured as a fee payer and re-signs the client-supplied base fields of the 0x76 AASigned envelope verbatim, including the EIP-2930 [truncated]
CVE-2026-59252 is an Improper Validation of Specified Quantity in Input vulnerability in ZenHive mpp that allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. The vulnerability affects mpp versions from 0.2.0 before 0.6.0. The issue arises when the mpp Elixir library is configured as a fee payer and does not validate the client-suppl [truncated]