GHSA-wvr6-395c-5pxr

Source
https://github.com/advisories/GHSA-wvr6-395c-5pxr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-wvr6-395c-5pxr/GHSA-wvr6-395c-5pxr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wvr6-395c-5pxr
Aliases
  • CVE-2026-26063
Published
2026-02-12T17:04:50Z
Modified
2026-02-19T22:07:42.080664Z
Severity
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
CediPay Affected by Improper Input Validation in Payment Processing
Details

A vulnerability in CediPay allows attackers to bypass input validation in the transaction API.

Affected users: All deployments running versions prior to the patched release.

Risk: Exploitation could result in unauthorized transactions, exposure of sensitive financial data, and compromise of payment integrity.

Severity: High — potential financial loss and reputational damage.

Patches

The issue has been fixed in version 1.2.3.

Users should upgrade to 1.2.3 or later immediately.

All versions earlier than 1.2.3 remain vulnerable.

Workarounds

If upgrading is not immediately possible:

  • Restrict API access to trusted networks or IP ranges.
  • Enforce strict input validation at the application layer.
  • Monitor transaction logs for anomalies or suspicious activity.

These mitigations reduce exposure but do not fully eliminate the vulnerability.

References

  • OWASP Input Validation Guidelines (owasp.org)
  • CWE-20: Improper Input Validation
  • GitHub Security Advisory Documentation (docs.github.com)

Database specific
{
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-12T17:04:50Z",
    "nvd_published_at": "2026-02-19T20:25:41Z",
    "severity": "HIGH"
}
References

Affected packages

npm / cedipay-core

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.3

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-wvr6-395c-5pxr/GHSA-wvr6-395c-5pxr.json"