CVE-2026-26063

CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully eliminate the vulnerability.

CVSS

No CVSS.

References

Link	Resource
https://github.com/xpertforextradeinc/CediPay/security/advisories/GHSA-wvr6-395c-5pxr

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) CediPay es una aplicación de cripto a fiat para el mercado ghanés. Una vulnerabilidad en CediPay anterior a la versión 1.2.3 permite a los atacantes eludir la validación de entrada en la API de transacciones. El problema ha sido solucionado en la versión 1.2.3. Si la actualización no es posible de inmediato, restrinja el acceso a la API a redes de confianza o rangos de IP; aplique una validación de entrada estricta en la capa de aplicación; y/o supervise los registros de transacciones en busca de anomalías o actividad sospechosa. Estas mitigaciones reducen la exposición, pero no eliminan por completo la vulnerabilidad.

19 Feb 2026, 20:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-19 20:25

Updated : 2026-04-15 00:35

NVD link : CVE-2026-26063

Mitre link : CVE-2026-26063

CVE.ORG link : CVE-2026-26063

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2026-26063", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-19T20:25:41.910", "references": [{"url": "https://github.com/xpertforextradeinc/CediPay/security/advisories/GHSA-wvr6-395c-5pxr", "source": "security-advisories@github.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully eliminate the vulnerability."}, {"lang": "es", "value": "CediPay es una aplicaci\u00f3n de cripto a fiat para el mercado ghan\u00e9s. Una vulnerabilidad en CediPay anterior a la versi\u00f3n 1.2.3 permite a los atacantes eludir la validaci\u00f3n de entrada en la API de transacciones. El problema ha sido solucionado en la versi\u00f3n 1.2.3. Si la actualizaci\u00f3n no es posible de inmediato, restrinja el acceso a la API a redes de confianza o rangos de IP; aplique una validaci\u00f3n de entrada estricta en la capa de aplicaci\u00f3n; y/o supervise los registros de transacciones en busca de anomal\u00edas o actividad sospechosa. Estas mitigaciones reducen la exposici\u00f3n, pero no eliminan por completo la vulnerabilidad."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security-advisories@github.com"}