Back to security portal
Open redirect on affiliate page
Reported on March 20, 2026
An affiliate marketing tool used on our page enabled redirect to any website. An attacker could exploit this in a phishing campaign, redirecting from a legitimately looking URL to a malicious website.
Reported by Toshit Bharti
Trezor.io
Resolved vulnerabilities
Reported by the community. Investigated. Resolved. Because your security is never optional.
- Biometric Verification bypassed in Trezor Suite with external monitorMarch 9, 2026
- Insufficient entropy on Trezor Model One with 12/18 wordsFebruary 6, 2026
- Bug in multisig verificationJanuary 10, 2026
- Inability to cancel certain flows on pre-production firmwareOctober 31, 2025
- Fix side-channel in BIP-39 mnemonic processing when unlockedSeptember 24, 2025
- Donjon's Trezor Safe 3 evaluationNovember 12, 2024