HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-34210 — mppx is a TypeScript interface for machine payments protocol. Prior to version 0...

Tuesday, March 31, 2026 at 03:16 PM UTC·Source: NIST NVD

Updated: Monday, April 6, 2026 at 12:17 AM UTC

Executive Summary

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a new successful payment wi

Analysis

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a new successful payment without actually charging the customer again. This allowed an attacker to pay once and consume unlimited resources by replaying the credential. This issue has been patched in version 0.4.11. CVSS Score: 8.1. Published: 2026-03-31T15:16:18.207.

Indicators of Compromise (1)

CVE (1)
CVE-2026-34210
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Mar 31, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

The End of Static Security: Why AI Demands Real-Time Microsegmentation

AI is compressing cyberattack timelines from months to minutes. While segmentation has been a gold standard security practice for years, many organizations are still operating with outdated, static approaches.

Bank Info Security
MEDIUMVulnerability

Why Data Security Standards in Cancer Innovation Matter

Cancer research and treatment innovation - and the tech that powers that - requires a great deal of collaboration and data sharing among multiple parties. But keeping that sensitive information secure and private is crucial - and requires adherence to standards, said Baxter Lee of Clearwater.

Bank Info Security
MEDIUMVulnerability

One-Time Passcodes Are Gateway for Financial Fraud Attacks

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/one-time-passcodes-are-gateway-for-financial-fraud-attacks-image_small-6-a-31341.jpg" align=right hspace=4><b>Report Reveals Growing Trend of Fraudsters Intercepting SMS-Based Verification</b><br>Financial institutions have historically relied on one-time passcodes as a primary authentication control for their accountholders. But

Bank Info Security