c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds."
https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html