CVE-2026-4548

CVSS v2.0

6.5

Medium

AV:N/AC:L/Au:S/C:P/I:P/A:P

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely.

Fix

Improper Authorization

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-266

Related Identifiers

CVE-2026-4548

Affected Products

Next-Saas-Stripe-Starter

CVE-2026-4548

Weakness Enumeration

Related Identifiers

Affected Products

References · 4