CVE-2026-4549

CVSS v3.1

3.1

Low

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions mickasmt next-saas-stripe-starter version 1.0.0

Description A flaw exists in the openCustomerPortal function within the actions/open-customer-portal.ts file of the Stripe API component. This manipulation can lead to an authorization bypass. Remote exploitation is possible, but the complexity is high and exploitation is difficult.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639CWE-285

Related Identifiers

CVE-2026-4549

Affected Products

Stripe Api

Next-Saas-Stripe-Starter

CVE-2026-4549

Weakness Enumeration

Related Identifiers

Affected Products

References · 7