Back to security portal
Open redirect
Reported on March 20, 2026
An affiliate marketing tool used on our page enabled redirect to any website. An attacker could exploit this in a phishing campaign, redirecting from a legitimately looking URL to a malicious website.
Reported by Toshit Bharti
Trezor.io
Resolved vulnerabilities
Reported by the community. Investigated. Resolved. Because your security is never optional.
- Biometric Verification bypassed in Trezor Suite with external monitorMarch 9, 2026
- Insufficient entropy on Trezor Model One with 12/18 wordsFebruary 6, 2026
- Bug in multisig verificationJanuary 10, 2026
- Inability to cancel certain flows on pre-production firmwareOctober 31, 2025
- Fix side-channel in BIP-39 mnemonic processing when unlockedSeptember 24, 2025
- Donjon's Trezor Safe 3 evaluationNovember 12, 2024