CVE-2026-26063

CediPay <1.2.3 - Auth Bypass

Title source: llm

Description

CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully eliminate the vulnerability.

References (1)

[Vendor Advisory] https://github.com/xpertforextradeinc/CediPay/security/advisories/GHSA-wvr6-395c-5pxr

Scores

EPSS 0.0010

EPSS Percentile 27.6%

Classification

CWE

CWE-20

Status draft

Timeline

Published Feb 19, 2026

Tracked Since Feb 19, 2026