PT-2026-27011 · Mickasmt · Next-Saas-Stripe-Starter
Ghufran Khan +1 · Published 2026-03-22 · Updated 2026-03-22 · CVE-2026-4549
CVSS v2.0: 2.1 (Low) | AV:N/AC:H/Au:S/C:P/I:N/A:N
A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. The issue affects the function openCustomerPortal in the file actions/open-customer-portal.ts of the Stripe API component. The manipulation leads to an authorization bypass. The attack can be carried out remotely. The attack complexity is rather high, and exploitation is known to be difficult.
Fix
Improper Authorization
IDOR
Related Identifiers
Affected Products
Next-Saas-Stripe-Starter