CVE-2019-13000

HIGH

Eclair < 0.3 - Incorrect Access Control


Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-13000. PoCs published by ACINQ.

AI-analyzed exploit summary: This repository contains a Java-based detection tool for CVE-2019-13000, which checks if an Eclair Lightning Network node has been compromised by the invalid funding transaction attack. It scans the node's SQLite database and configuration files for signs of exploitation.

Description

Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it."

Exploits (1)

nomisec SCANNER
by ACINQ · poc
https://github.com/ACINQ/detection-tool-cve-2019-13000


Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Eclair Lightning Network node (released versions)
No auth needed
Prerequisites: Access to the target node's eclair.sqlite database and/or eclair.conf file
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/ACINQ/eclair/commits/master
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/ACINQ/eclair/releases
Exploit, Mailing List, Third Party Advisory x_refsource_confirm
https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html

Scores

CVSS v3 7.5
EPSS 0.0069
EPSS Percentile 72.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
acinq/eclair < 0.3
Published Jan 31, 2020
Tracked Since Feb 18, 2026