CVE-2020-26895

2020-10-2102:00:23

mitre

www.cve.org

0.001 Low

EPSS

Percentile

25.3%

JSON

Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.