PT-2026-27011 · Stripe+1 · Stripe Api+1

Ghufran Khan

Publicado

2026-03-22

Atualizado

2026-03-23

CVE-2026-4549

CVSS v3.1

3.1

Baixa

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions mickasmt next-saas-stripe-starter version 1.0.0

Description A flaw exists in the openCustomerPortal function within the actions/open-customer-portal.ts file of the Stripe API component. This manipulation can lead to an authorization bypass. Remote exploitation is possible, but the complexity is high and exploitation is difficult.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-639CWE-285

Identificadores relacionados

CVE-2026-4549

Produtos afetados

Stripe Api

Next-Saas-Stripe-Starter

PT-2026-27011 · Stripe+1 · Stripe Api+1

CVE-2026-4549

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7