Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/03/31 2:10 p.m.2 views

CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 2:10 p.m.14 views

CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References5
CVE
CVE
added 2026/03/31 2:10 p.m.33 views

CVE-2026-34209

The CVE-2026-34209 entry concerns the mppx TypeScript interface for the machine payments protocol. According to connected Red Hat/NVD/NVD-enriched data, the vulnerability lies in the tempo/session cooperative close handler, which validated the close voucher amount using < instead of

7.5CVSS5.8AI score0.00359EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/29 3:10 p.m.6 views

mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder