CVE-2026-4549 PUBLISHED

mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization

Assigner: VulDB
Reserved: 21.03.2026 Published: 22.03.2026 Updated: 22.03.2026

A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. It affects the function openCustomerPortal in the file actions/open-customer-portal.ts of the Stripe API component. Manipulation leads to an authorization bypass. The attack can be carried out remotely. The attack complexity is rather high, and exploitation is known to be difficult.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
CVSS Score: 2.3

Product Status

Vendor mickasmt
Product next-saas-stripe-starter
Versions
  • Version 1.0.0 is affected

Credits

  • Ghufran Khan (VulDB User) reporter
  • VulDB coordinator

Problem Types

  • Authorization Bypass CWE
  • Improper Authorization CWE