HIGHCVE-2026-26063Published 2026-02-19Modified 2026-02-19CNA GitHub_M

CVE-2026-26063: CediPay Affected by Improper Input Validation in Payment Processing

CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully eliminate the vulnerability.

CVSS v4.0: 8.8
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

xpertforextradeinc / CediPay
< 1.2.3

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

References

https://github.com/xpertforextradeinc/CediPay/security/advisories/GHSA-wvr6-395c-5pxr

Metrics