Description
A security vulnerability exists in outdated versions of the x402 SDK.
This vulnerability does not affect users’ private keys, smart contracts, or funds.
The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK.
Recommendation
Update the @x402/svm package to the latest compatible version. Version details:
- Affected version(s): < 2.6.0
- Patched version(s): 2.6.0
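One way to confirm which installed copies of @x402/svm fall below the patched version, including copies nested under other dependencies, is to scan the npm lockfile. The following is an added example, not code from the advisory or the x402 project. It assumes a lockfileVersion 2 or 3 `package-lock.json` and treats prereleases of 2.6.0 as affected; the sample lockfile and the package names `some-facilitator` and `other` are constructed.

```javascript
// Report copies of @x402/svm older than the patched 2.6.0 in a parsed npm lockfile.
const PACKAGE = "@x402/svm";
const PATCHED = "2.6.0";

// Parse "major.minor.patch[-prerelease]"; returns null for anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(v);
  return m ? { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null } : null;
}

// True when a sorts before b, where b is a release version without a prerelease tag.
// A prerelease of X sorts before X, so 2.6.0-beta.1 counts as older than 2.6.0.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre !== null && b.pre === null;
}

// Return [{ path, version, status }] for every copy that is not known to be patched.
function findVulnerableInstalls(lockfile) {
  const patched = parseVersion(PATCHED);
  const suffix = "node_modules/" + PACKAGE;
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    // Match top-level and nested copies (e.g. node_modules/a/node_modules/@x402/svm).
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const parsed = parseVersion(String(entry.version || ""));
    // Versions that cannot be parsed are reported as "unknown" for manual review.
    const status = !parsed ? "unknown" : isBefore(parsed, patched) ? "vulnerable" : "patched";
    if (status !== "patched") findings.push({ path, version: entry.version, status });
  }
  return findings;
}

// Constructed sample lockfile (not from the advisory); dependency names are hypothetical.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "resource-server", version: "1.0.0" },
    "node_modules/@x402/svm": { version: "2.6.0" },
    "node_modules/some-facilitator/node_modules/@x402/svm": { version: "2.5.1" },
    "node_modules/other/node_modules/@x402/svm": { version: "2.6.0-beta.1" },
  },
};

console.log(findVulnerableInstalls(SAMPLE_LOCKFILE));
```

To check a real project, pass the result of `JSON.parse` on its `package-lock.json` contents to `findVulnerableInstalls`.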
References
Related Issues
- x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c) - Vulnerability
Tags: npm, @x402/svm
Last updated on March 07, 2026