CVE-2020-26896

Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy.

Publication date: Wed, 21 Oct 2020 07:15:00 +0000

Cyber News related to CVE-2020-26896

CVE-2020-26896 - Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing ...
4 years ago

CVE-2021-27063 - Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-26896. ...
3 years ago

CVE-2021-26896 - Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-27063. ...
3 years ago

CVE-2018-6635 - System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. ...
5 years ago

CVE-2022-26896 - Azure Site Recovery Information Disclosure Vulnerability ...
1 year ago

CVE-2024-26896 - In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) ...
9 months ago Tenable.com

CVE-2020-1246 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1266 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1262 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1275 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1264 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1276 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1274 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1237 - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, ...
3 years ago

CVE-2020-1307 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1273 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1316 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1269 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
2 years ago

CVE-2020-0986 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, ...
2 years ago

CVE-2020-0632 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0626 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0631 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0629 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0768 - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, ...
3 years ago

CVE-2020-0633 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

Latest Cyber News

whoAMI attacks give hackers code execution on Amazon EC2 instances - 46 minutes ago
Roundtable: Is DOGE Flouting Cybersecurity for US Data? - 1 hour ago
How Public & Private Sectors Can Better Align Cyber Defense - 2 hours ago
Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware - 2 hours ago
New Windows UI 0-Day Vulnerability Actively Exploited in the Wild - 4 hours ago
Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News - 4 hours ago
Burp AI - Burp Suite Now Integrate AI Powered Extension for Web Pentesting - 5 hours ago
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster - 5 hours ago
Threat Actors In Russia, China, and Iran Targeting Local Communities In The U.S - New Report - 5 hours ago
Hacker leaks account data of 12 million Zacks Investment users - 6 hours ago
APT43 Hackers Attacking Academic Institutions With Exposed Credentials - 7 hours ago
An Italian journalist speaks about being targeted with Paragon spyware | The Record from Recorded Future News - 7 hours ago
CVE-2025-25901 - 8 hours ago
CVE-2025-24904 - 8 hours ago
CVE-2025-25355 - 8 hours ago
CVE-2024-12011 - 8 hours ago
ANYRUN Safebrowsing Extension - Analyse Any Malicious URL for Free - 8 hours ago
CVE-2025-0426 - 9 hours ago
Munich Cyber Security and Security Conferences 2025 [Live Updates] | The Record from Recorded Future News - 9 hours ago
Chinese espionage tools deployed in RA World ransomware attack - 9 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

whoAMI attacks give hackers code execution on Amazon EC2 instances - 46 minutes ago
Roundtable: Is DOGE Flouting Cybersecurity for US Data? - 1 hour ago
Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware - 2 hours ago
New Windows UI 0-Day Vulnerability Actively Exploited in the Wild - 4 hours ago
Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News - 4 hours ago
Burp AI - Burp Suite Now Integrate AI Powered Extension for Web Pentesting - 5 hours ago
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster - 5 hours ago
Threat Actors In Russia, China, and Iran Targeting Local Communities In The U.S - New Report - 5 hours ago
Hacker leaks account data of 12 million Zacks Investment users - 6 hours ago
CVE-2025-0995 - 2 days ago
CVE-2025-0996 - 2 days ago
CVE-2025-0997 - 2 days ago
CVE-2025-0998 - 2 days ago
CVE-2025-24528 - 1 day ago
CVE-2024-11343 - 1 day ago
CVE-2024-12629 - 1 day ago
CVE-2024-9870 - 1 day ago
CVE-2025-0332 - 1 day ago
CVE-2025-0516 - 1 day ago
CVE-2025-1208 - 1 day ago