CVE-2026-34209 HIGH

CVE-2026-34209: mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

Vendor Wevm
Product mppx
Weakness CWE-294
Published March 31, 2026
Last update April 2, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11.

Key dates

02Disclosure timeline

March 31, 2026 CVE published
April 2, 2026 Record updated