{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34209", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-26T15:57:52.324Z", "datePublished": "2026-03-31T14:10:46.416Z", "dateUpdated": "2026-04-02T15:13:32.047Z"}, "containers": {"cna": {"title": "mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality", "problemTypes": [{"descriptions": [{"cweId": "CWE-294", "lang": "en", "description": "CWE-294: Authentication Bypass by Capture-replay", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/wevm/mppx/security/advisories/GHSA-mv9j-8jvg-j8mr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/wevm/mppx/security/advisories/GHSA-mv9j-8jvg-j8mr"}, {"name": "https://github.com/wevm/mppx/commit/94088246ee18f21b5d6be40d9e7a464f5a280bfb", "tags": ["x_refsource_MISC"], "url": "https://github.com/wevm/mppx/commit/94088246ee18f21b5d6be40d9e7a464f5a280bfb"}, {"name": "https://github.com/wevm/mppx/releases/tag/mppx@0.4.11", "tags": ["x_refsource_MISC"], "url": "https://github.com/wevm/mppx/releases/tag/mppx@0.4.11"}], "affected": [{"vendor": "wevm", "product": "mppx", "versions": [{"version": "< 0.4.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T14:10:46.416Z"}, "descriptions": [{"lang": "en", "value": "mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using \"<\" instead of \"<=\" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11."}], "source": {"advisory": "GHSA-mv9j-8jvg-j8mr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:13:21.208040Z", "id": "CVE-2026-34209", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:13:32.047Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34209", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T15:13:21.208040Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:13:26.917Z"}}], "cna": {"title": "mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality", "source": {"advisory": "GHSA-mv9j-8jvg-j8mr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "wevm", "product": "mppx", "versions": [{"status": "affected", "version": "< 0.4.11"}]}], "references": [{"url": "https://github.com/wevm/mppx/security/advisories/GHSA-mv9j-8jvg-j8mr", "name": "https://github.com/wevm/mppx/security/advisories/GHSA-mv9j-8jvg-j8mr", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/wevm/mppx/commit/94088246ee18f21b5d6be40d9e7a464f5a280bfb", "name": "https://github.com/wevm/mppx/commit/94088246ee18f21b5d6be40d9e7a464f5a280bfb", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/wevm/mppx/releases/tag/mppx@0.4.11", "name": "https://github.com/wevm/mppx/releases/tag/mppx@0.4.11", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using \"<\" instead of \"<=\" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-294", "description": "CWE-294: Authentication Bypass by Capture-replay"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T14:10:46.416Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34209", "state": "PUBLISHED", "dateUpdated": "2026-04-02T15:13:32.047Z", "dateReserved": "2026-03-26T15:57:52.324Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T14:10:46.416Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wevm:mppx:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "72D62258-34DE-453F-8DFC-D25FA285D537", "versionEndExcluding": "0.4.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using \"<\" instead of \"<=\" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11."}], "id": "CVE-2026-34209", "lastModified": "2026-04-03T15:59:37.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T15:16:18.030", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/wevm/mppx/commit/94088246ee18f21b5d6be40d9e7a464f5a280bfb"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/wevm/mppx/releases/tag/mppx@0.4.11"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/wevm/mppx/security/advisories/GHSA-mv9j-8jvg-j8mr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}