CVE
CVE-2026-34209
mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Impact
The tempo/session cooperative close handler validated the close voucher amount using < instead of <= against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free.
Patches
Fixed in 0.4.11.
Workarounds
There are no workarounds available for this vulnerability.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
C
H
U
-
Related Resources
No items found.
References
https://github.com/wevm/mppx/security/advisories/GHSA-mv9j-8jvg-j8mr, https://nvd.nist.gov/vuln/detail/CVE-2026-34209, https://github.com/wevm/mppx/commit/94088246ee18f21b5d6be40d9e7a464f5a280bfb, https://github.com/wevm/mppx, https://github.com/wevm/mppx/releases/tag/mppx@0.4.11
Basic Information
Ecosystem
