CVE-2026-4547 MEDIUM

CVE-2026-4547: mickasmt next-saas-stripe-starter Checkout generate-user-stripe.ts generateUserStripe logic error

Vendor Mickasmt
Product next-saas-stripe-starter
Weakness CWE-840
Published March 22, 2026
Last update March 23, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout Handler. The manipulation of the argument priceId leads to business logic errors. The attack may be initiated remotely.

Key dates

02Disclosure timeline

March 22, 2026 CVE published
March 23, 2026 Record updated