Resource exhaustion bug in unconfirmed transaction processing: an attacker could send specially-crafted unconfirmed transactions to exhaust victim CPU. Fixed in v30.0 (Oct 10 2025). Severity: Low.