File Overwrite Vulnerability in FOSSBilling by FOSSBilling
CVE-2026-53648

5.1MEDIUM

Key Information:

Vendor
CVE Published:
6 July 2026

What is CVE-2026-53648?

FOSSBilling, an open-source billing and client management system, is susceptible to a file overwrite vulnerability in versions prior to 0.8.1. When an administrator uploads a file for a downloadable product, it is stored using a deterministic path derived from the original filename. This means that if multiple files are uploaded with the same filename, the latest upload can overwrite earlier ones, causing confusion and potential data integrity issues for users. Although version 0.8.1 addresses this vulnerability, administrators are advised to adopt best practices such as ensuring unique filenames before uploads and restricting permissions to trusted administrators to mitigate any risks related to file collisions.

Affected Version(s)

FOSSBilling < 0.8.1

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.