CVE-2026-26063

HIGH

CediPay <1.2.3 - Auth Bypass

Title source: llm

Description

CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully eliminate the vulnerability.

References (1)

[Vendor Advisory] https://github.com/xpertforextradeinc/CediPay/security/advisories/GHSA-wvr6-395c-5pxr

Scores

CVSS v4 8.8

EPSS 0.0013

EPSS Percentile 31.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

xpertforextradeinc/CediPay < 1.2.3

Published Feb 19, 2026

Tracked Since Feb 19, 2026