mppx: Tempo has a session close voucher bypass vulnerability due...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11.

Basic Information

ID CVE-2026-34209

Source GitHub_M

Published Mar 31, 2026 at 14:10

Modified Apr 2, 2026 at 15:13

Affected Product

Vendor wevm

Product mppx

Version < 0.4.11

Affected Versions wevm mppx < 0.4.11

CWE Classification

CWE-294

References

{
    "lastseen": "",
    "description": "mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using \"<\" instead of \"<=\" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11.",
    "published": "2026-03-31T14:10:46.416Z",
    "modified": "2026-04-02T15:13:32.047Z",
    "type": "cve",
    "title": "mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality",
    "source": "GitHub_M",
    "references": "https://github.com/wevm/mppx/security/advisories/GHSA-mv9j-8jvg-j8mr\nhttps://github.com/wevm/mppx/commit/94088246ee18f21b5d6be40d9e7a464f5a280bfb\nhttps://github.com/wevm/mppx/releases/tag/[email protected]",
    "id": "CVE-2026-34209",
    "bulletinFamily": "",
    "cwe": [
        "CWE-294"
    ],
    "cvelist": null,
    "sourceData": "wevm mppx < 0.4.11",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mppx",
    "version": "< 0.4.11",
    "vendor": "wevm",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality_CVE-2026-34209