10 matches found
Improper Input Validation
mppx is vulnerable to improper input validation. The vulnerability is due to improper validation in the cooperative close handler, where the close voucher amount was checked using “” instead of “=” against the on-chain settled amount, which allows an attacker to submit a close voucher equal to th...
CVE-2026-34209
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209
The CVE-2026-34209 entry concerns the mppx TypeScript interface for the machine payments protocol. According to connected Red Hat/NVD/NVD-enriched data, the vulnerability lies in the tempo/session cooperative close handler, which validated the close voucher amount using < instead of
CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...
GHSA-MV9J-8JVG-J8MR mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...
PT-2026-28607
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...