Open-Source Billing System Vulnerability in FOSSBilling Affects Client Data Access
CVE-2026-53642
5.3MEDIUM
What is CVE-2026-53642?
FOSSBilling, an open-source billing and client management system, has a vulnerability that allows logged-in clients with unverified email addresses to access restricted client-area pages. This includes sensitive information such as wallet balances and transaction history. Although API restrictions appropriately limit access for unverified users, the frontend page enforcement is lax, failing to properly restrict access to certain endpoints. In version 0.8.0, this vulnerability is addressed. Users are advised to upgrade to this version; no viable workarounds are currently available that do not require source code modifications.
Affected Version(s)
FOSSBilling >= 0.5.6, < 0.8.0
