PT-2026-28607 · Npm · Mppx
Published
2026-03-29
·
Updated
2026-03-29
·
CVE-2026-34209
CVSS v3.1
7.5
High
| AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Impact
The
tempo/session cooperative close handler validated the close voucher amount using < instead of <= against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free.Patches
Fixed in 0.4.11.
Workarounds
There are no workarounds available for this vulnerability.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mppx