Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Outdated x402 SDK on Solana Resource Servers Exposes Payment Processing Risks
GHSA-qr2g-p6q7-w82m
Summary
If you're a facilitator processing payments on Solana, you need to update the x402 SDK to the latest version to prevent potential security risks. This issue affects resource servers that use the x402 SDK to process payments, but doesn't impact users' private keys, smart contracts, or funds. Update to the latest version of @x402/svm, x402, or x402 (depending on your platform) to stay secure.
What to do
- Update x402 svm to version 2.6.0.
- Update x402 to version 2.3.0.
- Update github.com coinbase to version 2.5.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| x402 | svm | <= 2.6.0 | 2.6.0 |
| – | x402 | <= 2.3.0 | 2.3.0 |
| github.com | coinbase | <= 2.5.0 | 2.5.0 |
Original title
x402 SDK Security Advisory
Original description
### Impact
A security vulnerability exists in outdated versions of the x402 SDK.
This vulnerability does not affect users' private keys, smart contracts, or funds.
The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK.
### Who Should Take Action
Facilitators that process payments on Solana must upgrade the x402 SDK to the patched versions listed below.
Clients are not required to upgrade.
Resource servers are not required to upgrade unless they operate their own facilitator (self-facilitate).
### Patches
Please update to the following package versions:
* Npm: @x402/svm >= 2.6.0
* Pypi: x402 >= 2.3.0
* Go: x402 >= 2.5.0
A security vulnerability exists in outdated versions of the x402 SDK.
This vulnerability does not affect users' private keys, smart contracts, or funds.
The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK.
### Who Should Take Action
Facilitators that process payments on Solana must upgrade the x402 SDK to the patched versions listed below.
Clients are not required to upgrade.
Resource servers are not required to upgrade unless they operate their own facilitator (self-facilitate).
### Patches
Please update to the following package versions:
* Npm: @x402/svm >= 2.6.0
* Pypi: x402 >= 2.3.0
* Go: x402 >= 2.5.0
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026