CVE-2026-34209

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

mppx 安全漏洞

MPPX is a blockchain-based payment protocol SDK developed by Wevm. Versions of MPPX prior to 0.4.11 contained security vulnerabilities. These vulnerabilities stemmed from the stripe/charge payment method not checking Stripe’s Idempotent-Replayed response header, which could allow attackers to...

@0xsquid/mpp (>=0.1.1-beta.1 <=0.2.0), @agentmall/mcp (>=0.1.2 <=0.1.3) +85 more potentially affected by unknown CVE via mppx (>=0.1.1 <=0.4.12)

mppx NPM version =0.1.1, =0.1.1-beta.1, =0.1.2, =0.1.1, =0.1.1, =0.22.26, =0.3.0, =4.13.0, =1.0.1, =1.0.1, =1.2.4, =1.0.1, =1.0.1, =1.0.1, =0.2.0, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8X4M-QW58-3PCX...

@0xsquid/mpp (>=0.1.1-beta.1 <=0.2.0), @agentmall/mcp (>=0.1.2 <=0.1.3) +85 more potentially affected by unknown CVE via mppx (>=0.1.1 <=0.4.12)

mppx NPM version =0.1.1, =0.1.1-beta.1, =0.1.2, =0.1.1, =0.1.1, =0.22.26, =0.3.0, =4.13.0, =1.0.1, =1.0.1, =1.2.4, =1.0.1, =1.0.1, =1.0.1, =0.2.0, =0.2.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-MPPX-15857153...

@0xsquid/mpp (>=0.1.1-beta.1 <=0.2.0), @okxweb3/mpp (=0.1.0) +2 more potentially affected by CVE-2026-34210 via mppx (>=0.1.1 <=0.3.16)

mppx NPM version =0.1.1, =0.1.1-beta.1, =0.0.0-pr-153-20260307193247, =0.1.0, =0.1.4 Source cves: CVE-2026-34210 Source advisory: SNYK:JS-MPPX-15857146...

@0xsquid/mpp (>=0.1.1-beta.1 <=0.2.0), @okxweb3/mpp (=0.1.0) +2 more potentially affected by CVE-2026-34209 via mppx (>=0.1.1 <=0.3.16)

mppx NPM version =0.1.1, =0.1.1-beta.1, =0.0.0-pr-153-20260307193247, =0.1.0, =0.1.4 Source cves: CVE-2026-34209 Source advisory: OSV:GHSA-MV9J-8JVG-J8MR...