CVE-2025-27586 Full Disclosure Fee-Bumping Reserves Attacks Against a LN node

[ariard]

https://ariard.github.io/feebumping.html

This attack vector was initially reported to LN maintainers in July 2022 and has been under embargo since 3y.

Full disclosure date was set the last 27th Feb for beginning of June.

A copy has been sent to the ML for discussions.

[bitschmidty]

Thanks for the heads up. May be considered for a future newsletter inclusion