CVE-2026-59252
ZenHive · mpp
ZenHive mpp contains an input validation vulnerability that allows unauthenticated remote attackers to drain fee-payer wallets, causing denial of service.
Executive summary
An unauthenticated remote code vulnerability in ZenHive mpp permits malicious actors to drain fee-payer wallets, leading to significant financial and operational impact.
Vulnerability
The application fails to properly validate the specified quantity in user input (CWE-1284). This flaw allows an unauthenticated remote client to manipulate transaction parameters to drain the fee-payer wallet.
Business impact
Successful exploitation results in the unauthorized depletion of financial assets stored in fee-payer wallets. With a CVSS score of 8.2, this high-severity vulnerability poses a substantial risk to service availability and fiscal integrity. Organizations may face direct financial loss and operational downtime for all legitimate clients relying on the affected infrastructure.
Remediation
Immediate Action: Update to version 0.6.0 or the latest patched release provided by ZenHive.
Proactive Monitoring: Review transaction logs for anomalous wallet activity or unexpected spikes in fee consumption.
Compensating Controls: Implement stricter rate limiting and input validation at the Web Application Firewall level to block malformed transaction requests.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the potential for direct financial theft and service disruption, administrators must prioritize patching this vulnerability immediately. Upgrading to the remediated version is the only effective way to prevent unauthorized wallet drainage.