CVE-2026-26063 | THREATINT

Description

CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully eliminate the vulnerability.

PUBLISHED Reserved 2026-02-10 | Published 2026-02-19 | Updated 2026-02-19 | Assigner GitHub_M

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-20: Improper Input Validation

Product status

< 1.2.3

affected

References

github.com/...ediPay/security/advisories/GHSA-wvr6-395c-5pxr

cve.org (CVE-2026-26063)

nvd.nist.gov (CVE-2026-26063)

Download JSON