A vulnerability in LND versions 0.10.x and below has been disclosed to the Lightning Labs team, according to engineer Conner Fromknecht, who posted in the Lightning Network developer channel late at night on 8th Oct. In light of the disclosure, the firm is urging node operators to upgrade to version 0.11.0 or higher as soon as possible.
No exploitation of the vulnerability has been found so far, but “circumstances surrounding the invention resulted in a compressed disclosure timeline,” Fromknecht added.
The vulnerability was only “partially” disclosed, with in-depth publication of the findings promised later, on 20th Oct.
Lightning Labs – one of three major implementations of the Lightning Network – released its latest version, v0.11.1-beta, earlier, on 1st Oct.
However, at the time of reporting, Lightning Labs had not yet responded regarding the vulnerability.