CVE-2026-4548
MEDIUMmickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization
Title source: cnaDescription
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely.
References (3)
Core 3
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-352375 | mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization
https://vuldb.com/?id.352375
Signature, Permissions Required signature
permissions-required
VDB-352375 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.352375
Third Party Advisory third-party-advisory
Submit #774805 | mickasmt next-saas-stripe-starter 1.0.0 Improper Access Controls
https://vuldb.com/?submit.774805
Scores
CVSS v3
6.3
EPSS
0.0019
EPSS Percentile
9.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
CWE-285
Status
published
Products (1)
mickasmt/next-saas-stripe-starter
1.0.0
Published
Mar 22, 2026
Tracked Since
Mar 22, 2026