Vulnerability in Wevm Mppx

CVE-2026-34210

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a val…

EPSS: 0.000 (4.3th percentile) — read the EPSS interpretation.

Affected products

Wevm Mppx — versions < 0.4.11

Weakness classification (CWE)

CWE-697 — Incorrect Comparison

References

https://github.com/wevm/mppx/security/advisories/GHSA-8mhj-rffc-rcvw (x_refsource_CONFIRM)
https://github.com/wevm/mppx/commit/b2b1a0b60506fc71aa80b8a025084949dca1a994 (x_refsource_MISC)
https://github.com/wevm/mppx/releases/tag/mppx@0.4.11 (x_refsource_MISC)