CVE-2026-26063
Received Received - Intake
Input Validation Bypass in CediPay Transaction API Prior to

Publication date: 2026-02-19

Last updated on: 2026-02-19

Assigner: GitHub, Inc.

Description
CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerability in CediPay prior to version 1.2.3 allows attackers to bypass input validation in the transaction API. The issue has been fixed in version 1.2.3. If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges; enforce strict input validation at the application layer; and/or monitor transaction logs for anomalies or suspicious activity. These mitigations reduce exposure but do not fully eliminate the vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-14
NVD
CVE-2026-26063
EUVD
EUVD-2026-7985
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
cedipay cedipay to 1.2.3 (exc)
xpertforextradeinc cedipay to 1.2.3 (exc)
xpertforextradeinc cedipay-core 1.2.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in CediPay, a crypto-to-fiat app for the Ghanaian market, exists in versions prior to 1.2.3. It allows attackers to bypass input validation in the transaction API. This means that malicious users can potentially send crafted inputs that the system does not properly check, which could lead to unauthorized or harmful transactions.

Impact Analysis

This vulnerability can impact you by allowing attackers to bypass input validation in the transaction API, potentially leading to unauthorized transactions or manipulation of transaction data. This could result in financial loss, fraud, or disruption of services.

If upgrading to version 1.2.3 is not immediately possible, mitigations include restricting API access to trusted networks or IP ranges, enforcing strict input validation at the application layer, and monitoring transaction logs for anomalies or suspicious activity. However, these mitigations reduce exposure but do not fully eliminate the vulnerability.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves bypassing input validation in the transaction API of CediPay prior to version 1.2.3.

To detect this vulnerability on your network or system, you should monitor transaction logs for anomalies or suspicious activity that could indicate attempts to exploit the input validation bypass.

Since no specific detection commands or tools are provided, general approaches include reviewing API access logs for unusual input patterns or unexpected transaction requests.

Mitigation Strategies

The vulnerability has been fixed in CediPay version 1.2.3, so upgrading to this version or later is the primary mitigation step.

  • If upgrading is not immediately possible, restrict API access to trusted networks or IP ranges.
  • Enforce strict input validation at the application layer to reduce exposure.
  • Monitor transaction logs for anomalies or suspicious activity.

Note that these mitigations reduce exposure but do not fully eliminate the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26063. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart