Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities by wevm
CVE-2026-34209 (GCVE-0-2026-34209)
Vulnerability from cvelistv5 – Published: 2026-03-31 14:10 – Updated: 2026-04-02 15:13
VLAI?
Title
mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Summary
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11.
Severity ?
7.5 (High)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T15:13:21.208040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T15:13:32.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mppx",
"vendor": "wevm",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using \"\u003c\" instead of \"\u003c=\" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:10:46.416Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wevm/mppx/security/advisories/GHSA-mv9j-8jvg-j8mr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wevm/mppx/security/advisories/GHSA-mv9j-8jvg-j8mr"
},
{
"name": "https://github.com/wevm/mppx/commit/94088246ee18f21b5d6be40d9e7a464f5a280bfb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wevm/mppx/commit/94088246ee18f21b5d6be40d9e7a464f5a280bfb"
},
{
"name": "https://github.com/wevm/mppx/releases/tag/mppx@0.4.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wevm/mppx/releases/tag/mppx@0.4.11"
}
],
"source": {
"advisory": "GHSA-mv9j-8jvg-j8mr",
"discovery": "UNKNOWN"
},
"title": "mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34209",
"datePublished": "2026-03-31T14:10:46.416Z",
"dateReserved": "2026-03-26T15:57:52.324Z",
"dateUpdated": "2026-04-02T15:13:32.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34210 (GCVE-0-2026-34210)
Vulnerability from cvelistv5 – Published: 2026-03-31 14:10 – Updated: 2026-03-31 18:53
VLAI?
Title
mppx has Stripe charge credential replay via missing idempotency check
Summary
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a new successful payment without actually charging the customer again. This allowed an attacker to pay once and consume unlimited resources by replaying the credential. This issue has been patched in version 0.4.11.
Severity ?
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T18:50:24.072789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T18:53:01.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mppx",
"vendor": "wevm",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe\u0027s Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a new successful payment without actually charging the customer again. This allowed an attacker to pay once and consume unlimited resources by replaying the credential. This issue has been patched in version 0.4.11."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:10:10.463Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wevm/mppx/security/advisories/GHSA-8mhj-rffc-rcvw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wevm/mppx/security/advisories/GHSA-8mhj-rffc-rcvw"
},
{
"name": "https://github.com/wevm/mppx/commit/b2b1a0b60506fc71aa80b8a025084949dca1a994",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wevm/mppx/commit/b2b1a0b60506fc71aa80b8a025084949dca1a994"
},
{
"name": "https://github.com/wevm/mppx/releases/tag/mppx@0.4.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wevm/mppx/releases/tag/mppx@0.4.11"
}
],
"source": {
"advisory": "GHSA-8mhj-rffc-rcvw",
"discovery": "UNKNOWN"
},
"title": "mppx has Stripe charge credential replay via missing idempotency check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34210",
"datePublished": "2026-03-31T14:10:10.463Z",
"dateReserved": "2026-03-26T15:57:52.324Z",
"dateUpdated": "2026-03-31T18:53:01.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}