CVE-2026-4548 PUBLISHED

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely.

• Ghufran Khan (VulDB User) reporter
• VulDB coordinator

• VDB-352375 | mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization
• VDB-352375 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #774805 | mickasmt next-saas-stripe-starter 1.0.0 Improper Access Controls

• Improper Authorization CWE
• Incorrect Privilege Assignment CWE