The XRP Ledger Foundation (XRPLF) has confirmed it successfully patched a critical vulnerability in an upcoming amendment to Ripple's XRP Ledger (XRPL), averting a potential exploit that could have led to massive fund losses and ecosystem destabilization.
The flaw was identified on February 19, 2026 by security engineer Pranamya Keshkamat and the autonomous AI security bot Apex, developed by cybersecurity firm Cantina. The vulnerability existed within the signature-validation logic of the proposed "Batch" amendment, also known as XLS-56. This amendment was designed to allow multiple inner transactions to be grouped into a single batch.
The critical bug was a logic flaw in the signer validation function. A loop error could cause the system to exit early if it encountered a signer for an account not yet created. If the signing key matched the new account, validation was marked as successful, and the system would skip checks for remaining signers. This flaw could have allowed an attacker to craft a batch transaction to execute unauthorized payments from victim accounts without possessing their private keys, potentially draining funds.
Hari Mulackal, CEO of Cantina and Spearbit, stated, "Our autonomous bug hunter, Apex, found this critical bug." He added, "Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk," a figure likely referencing XRP's market capitalization.
The XRPL Foundation emphasized that no funds were ever at risk because the amendment was still in its voting phase and had not been activated on the mainnet. Following the disclosure, Ripple engineering teams validated the issue and created a proof of concept. The foundation advised UNL validators to vote against the amendment and released an emergency software update, rippled 3.1.1, on February 23, 2026. This update blocks the activation of the flawed Batch amendment and a related fix.
The foundation warned that a successful large-scale exploit could have "destabilized the ecosystem" and caused "substantial loss of confidence in XRPL." A corrected replacement amendment, BatchV1_1, has been implemented, which removes the early exit flaw and strengthens authorization checks. The XRPLF also announced plans to expand AI-assisted code audits and static analysis to prevent similar vulnerabilities in the future.
