CVE-2020-26896
The CVE affects LND (Lightning Network Daemon) prior to version 0.11.0-beta, specifically its invoice database. The root cause is that, when claiming an on-chain HTLC output, LND did not verify that the corresponding off-chain HTLC had already been settled before releasing the preimage. In a hash...