CVE-2026-34209 in mppxinfo

Zusammenfassung (Englisch)

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Zuständig

GitHub_M

Reservieren

26.03.2026

Veröffentlichung

31.03.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
354397wevm mppx schwache Authentisierung294Nicht definiertOffizieller FixCVE-2026-34209

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter