{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/payment-channel/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-34209"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["vulnerability","payment-channel","typescript"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe mppx library is a TypeScript interface designed for machine payments protocols. A vulnerability, identified as CVE-2026-34209, exists in versions prior to 0.4.11. Specifically, the \u003ccode\u003etempo/session\u003c/code\u003e cooperative close handler incorrectly validates close voucher amounts. Instead of using a less than or equal to (\u003ccode\u003e\u0026lt;=\u003c/code\u003e) comparison, it uses a less than (\u003ccode\u003e\u0026lt;\u003c/code\u003e) comparison when checking against the on-chain settled amount. This flaw allows a malicious actor to submit a close voucher with an amount…\u003c/p\u003e\n","date_modified":"2026-03-31T15:21:06Z","date_published":"2026-03-31T15:21:06Z","id":"/briefs/2026-07-mppx-vuln/","summary":"A vulnerability exists in mppx TypeScript interface before version 0.4.11, allowing attackers to close or grief channels for free by submitting close vouchers equal to the settled amount due to incorrect validation.","title":"MPPX TypeScript Interface Vulnerability (CVE-2026-34209)","url":"https://feed.craftedsignal.io/briefs/2026-07-mppx-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — Payment-Channel","version":"https://jsonfeed.org/version/1.1"}