Figured out the solution: to subvert the attack, each node must make sure that the channel towards the sender side expires later than the one towards the recipient side. Since the channels in question are opened on both sides of that node, it always knows the exact transaction scripts and is always able to verify this condition.

Hopefully, this is already included in the emerging LN standards.

Thanks for helping me figure out how it all works.