PT-2020-16537 · Lightning Network Daemon · Lnd

Published: 2020-10-21 · Updated: 2024-01-19 · CVE-2020-26895

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

LND versions prior to 0.10.0-beta

Description

Any peer with an open channel can exploit the vulnerability, regardless of the victim's role (routing node, payment receiver, or payment sender). This can lead to a loss of funds in certain situations. The vulnerability relates to accepting a counterparty's high-S signature and broadcasting invalid local commitment/HTLC transactions.

Recommendations

For versions prior to 0.10.0-beta, upgrade to a 0.11.x release as soon as possible. At the moment, there is no information about other mitigation measures for this vulnerability.
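
The description ties the issue to accepting a counterparty's high-S signature. The following added example (not lnd's code or its fix) shows a low-S check, S <= n/2 on secp256k1, that a node can apply to a received signature before relying on it; the 64-byte compact r||s encoding and all function names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// secp256k1 group order n, and n/2, the largest S allowed by the low-S rule.
var curveN, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
var halfN = new(big.Int).Rsh(curveN, 1)

// splitCompact parses a 64-byte r||s signature (assumed encoding) and range-checks r and s.
func splitCompact(sig []byte) (r, s *big.Int, err error) {
	if len(sig) != 64 {
		return nil, nil, errors.New("signature must be 64 bytes")
	}
	r, s = new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if r.Sign() == 0 || s.Sign() == 0 || r.Cmp(curveN) >= 0 || s.Cmp(curveN) >= 0 {
		return nil, nil, errors.New("r or s outside [1, n-1]")
	}
	return r, s, nil
}

// CheckLowS (hypothetical helper) returns an error for a malformed or high-S signature.
func CheckLowS(sig []byte) error {
	_, s, err := splitCompact(sig)
	if err != nil {
		return err
	}
	if s.Cmp(halfN) > 0 {
		return errors.New("high-S signature: reject before storing or countersigning")
	}
	return nil
}

// sampleSigs returns constructed test signatures with r = 1 and S = n/2 (low) or n/2 + 1 (high).
func sampleSigs() (low, high []byte) {
	low, high = make([]byte, 64), make([]byte, 64)
	low[31], high[31] = 1, 1
	halfN.FillBytes(low[32:])
	new(big.Int).Add(halfN, big.NewInt(1)).FillBytes(high[32:])
	return low, high
}

func main() {
	low, high := sampleSigs()
	fmt.Println(CheckLowS(low), CheckLowS(high))
}
```

The check covers only the S range; it does not verify the signature against a public key and message.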

Related Identifiers

CVE-2020-26895

Affected Products

Lnd