CVE 8.8 HIGH

CediPay Affected by Improper Input Validation in Payment Processing_CVE-2026-26063

February 19, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully eliminate the vulnerability.

AI Analysis

Improper input validation in the transaction API of CediPay allows attackers to bypass validation

Basic Information

ID CVE-2026-26063

Source GitHub_M

Published Feb 19, 2026 at 18:53

Affected Product

Vendor xpertforextradeinc

Product CediPay

Version < 1.2.3

Affected Versions xpertforextradeinc CediPay < 1.2.3

CWE Classification

CWE-20

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor xpertforextradeinc

Product CediPay

Version < 1.2.3

References

github.com /xpertforextradeinc/CediPay/security/advisories/GHSA-wvr6-395c-5pxr

{
    "lastseen": "",
    "description": "CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully eliminate the vulnerability.",
    "published": "2026-02-19T18:53:47.314Z",
    "modified": "2026-02-19T18:53:47.314Z",
    "type": "cve",
    "title": "CediPay Affected by Improper Input Validation in Payment Processing",
    "source": "GitHub_M",
    "references": "https://github.com/xpertforextradeinc/CediPay/security/advisories/GHSA-wvr6-395c-5pxr",
    "id": "CVE-2026-26063",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "xpertforextradeinc CediPay < 1.2.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CediPay",
    "version": "< 1.2.3",
    "vendor": "xpertforextradeinc",
    "ai_description": "Improper input validation in the transaction API of CediPay allows attackers to bypass validation",
    "ai_severity": "High",
    "ai_vendor": "xpertforextradeinc",
    "ai_product": "CediPay",
    "ai_version": "< 1.2.3",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply