CosmWasm Runtime Capability Bypass Vulnerability Allowing Unauthorized Blockchain Actions

Vulnerability

A vulnerability in CosmWasm versions prior to 2.2.0 allows an attacker to bypass the capability restrictions a blockchain has configured. Because the runtime does not validate capabilities, a contract can be deployed without the required capability enforcement, and unauthorized actions can then be executed on the chain.

Impact

Exploitation of this vulnerability could lead to unauthorized actions on the blockchain, including deployment of a malicious contract and execution of actions that bypass the chain's normal capability restrictions.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Metric           Score
spread           0.0
impact           2.5
exploitability   6.6
remediation      0.0
relevance        0.0
threat           6.4
urgency          2.9
incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.