Open-Source Billing System Vulnerability in FOSSBilling Affects Client Data Access
CVE-2026-53642

5.3MEDIUM

Key Information:

Vendor
CVE Published:
6 July 2026

What is CVE-2026-53642?

FOSSBilling, an open-source billing and client management system, has a vulnerability that allows logged-in clients with unverified email addresses to access restricted client-area pages. This includes sensitive information such as wallet balances and transaction history. Although API restrictions appropriately limit access for unverified users, the frontend page enforcement is lax, failing to properly restrict access to certain endpoints. In version 0.8.0, this vulnerability is addressed. Users are advised to upgrade to this version; no viable workarounds are currently available that do not require source code modifications.

Affected Version(s)

FOSSBilling >= 0.5.6, < 0.8.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.