CVE-2026-26063
Input Validation Bypass in CediPay Transaction API Prior to
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cedipay | cedipay | to 1.2.3 (exc) |
| xpertforextradeinc | cedipay | to 1.2.3 (exc) |
| xpertforextradeinc | cedipay-core | 1.2.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in CediPay, a crypto-to-fiat app for the Ghanaian market, exists in versions prior to 1.2.3. It allows attackers to bypass input validation in the transaction API. This means that malicious users can potentially send crafted inputs that the system does not properly check, which could lead to unauthorized or harmful transactions.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to bypass input validation in the transaction API, potentially leading to unauthorized transactions or manipulation of transaction data. This could result in financial loss, fraud, or disruption of services.
If upgrading to version 1.2.3 is not immediately possible, mitigations include restricting API access to trusted networks or IP ranges, enforcing strict input validation at the application layer, and monitoring transaction logs for anomalies or suspicious activity. However, these mitigations reduce exposure but do not fully eliminate the vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves bypassing input validation in the transaction API of CediPay prior to version 1.2.3.
To detect this vulnerability on your network or system, you should monitor transaction logs for anomalies or suspicious activity that could indicate attempts to exploit the input validation bypass.
Since no specific detection commands or tools are provided, general approaches include reviewing API access logs for unusual input patterns or unexpected transaction requests.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been fixed in CediPay version 1.2.3, so upgrading to this version or later is the primary mitigation step.
- If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges.
- Enforce strict input validation at the application layer to reduce exposure.
- Monitor transaction logs for anomalies or suspicious activity.
Note that these mitigations reduce exposure but do not fully eliminate the vulnerability.