CVE-2026-4549

LOW

mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization

Title source: cna

Description

A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitation is known to be difficult.

References (3)

[Vdb Entry, Technical Description] https://vuldb.com/?id.352376

[Signature, Permissions Required] https://vuldb.com/?ctiid.352376

[Third Party Advisory] https://vuldb.com/?submit.774806

Scores

CVSS v3 3.1

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-285 CWE-639

Status published

Products (1)

mickasmt/next-saas-stripe-starter < 1.0.0

Published Mar 22, 2026

Tracked Since Mar 22, 2026