CVE-2026-34209 in wevm mppx
要約 (英語)
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11.
責任者
GitHub_M
予約する
2026年03月26日
公開
2026年03月31日
エントリ
VulDB provides additional information and datapoints for this CVE:
| 識別子 | 脆弱性 | CWE | 悪用可 | 対策 | CVE |
|---|---|---|---|---|---|
| 354397 | wevm mppx 弱い認証 | 294 | 未定義 | 公式な修正 | CVE-2026-34209 |