CVE-2026-4547

MEDIUM

mickasmt next-saas-stripe-starter Checkout generate-user-stripe.ts generateUserStripe logic error

Title source: cna

Description

A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout Handler. The manipulation of the argument priceId leads to business logic errors. The attack may be initiated remotely.

References (3)

[Vdb Entry, Technical Description] https://vuldb.com/?id.352374

[Signature, Permissions Required] https://vuldb.com/?ctiid.352374

[Third Party Advisory] https://vuldb.com/?submit.774804

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 8.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-840

Status published

Products (1)

mickasmt/next-saas-stripe-starter 1.0.0

Published Mar 22, 2026

Tracked Since Mar 22, 2026