← back
CVE-2026-4549

mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization

CVSS 2.3 LOWEPSS 0.3%CWE-285CWE-639
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitation is known to be difficult.
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
Affected products
mickasmt · next-saas-stripe-starter

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://vuldb.com/?ctiid.352376https://vuldb.com/?id.352376https://vuldb.com/?submit.774806