Back to security portal
Solana account type misclassification
Reported on April 6, 2026
A flaw in Solana account classification could mislabel account permissions in unsupported-instruction detail views. Under specific conditions, this could reduce the accuracy of on-device transaction interpretation for complex account layouts. The issue has been fixed by correcting classification behavior to better align with Solana permission semantics.
Reported by LoopGhost
Resolved vulnerabilities
Reported by community. Investigated. Resolved. Because your security is never optional.
- Unauthenticated Remote DoS via xpub Change-Index AmplificationMay 19, 2026
- Unauthenticated Remote Memory Exhaustion via Unbounded Timestamp ArrayMay 19, 2026
- Cross-Origin Popup Takeover in Trezor Connect popupMay 3, 2026
- Solana ALT recipient confirmation mismatchApril 6, 2026
- Reflected cross-site scripting (XSS) vulnerability on connect.trezor.io via hash fragment script injectionMarch 25, 2026
- EIP-712 Domain Spoofing via Double-FetchMarch 21, 2026