CVE-2026-34209

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-34209
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34209.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-34209
Aliases
Published
2026-03-31T14:10:46.416Z
Modified
2026-04-02T13:29:32.565506Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Details

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11.

Database specific 
{
    "cwe_ids": [
        "CWE-294"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34209.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/wevm/mppx

Affected ranges

Type
GIT
Repo
https://github.com/wevm/mppx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8ce9f56b6c75c807ecd758563d94f2a698fb5335
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.4.11"
        }
    ]
}

Affected versions

mpay@0.*
mpay@0.1.0
mpay@0.2.0
mpay@0.2.1
mpay@0.2.2
mpay@0.2.3
mpay@0.2.4
mppx@0.*
mppx@0.1.0
mppx@0.1.1
mppx@0.2.0
mppx@0.2.1
mppx@0.2.2
mppx@0.2.3
mppx@0.2.4
mppx@0.2.5
mppx@0.2.6
mppx@0.3.1
mppx@0.3.11
mppx@0.3.12
mppx@0.3.13
mppx@0.3.14
mppx@0.3.15
mppx@0.3.16
mppx@0.3.2
mppx@0.3.3
mppx@0.3.4
mppx@0.3.5
mppx@0.3.6
mppx@0.3.7
mppx@0.3.8
mppx@0.3.9
mppx@0.4.0
mppx@0.4.1
mppx@0.4.10
mppx@0.4.2
mppx@0.4.3
mppx@0.4.4
mppx@0.4.5
mppx@0.4.6
mppx@0.4.7
mppx@0.4.8
mppx@0.4.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34209.json"