Critical FOSSBilling SSTI Flaw Enables Information Disclosure and Remote Code Execution
ID: 1aeeafad-b6e0-5157-914f-6b87c5b00e52
STIX ID: report--1aeeafad-b6e0-5157-914f-6b87c5b00e52
Feed Name: Cyber Press
**Critical SSTI in FOSSBilling (CVE-2026-28496) actively exploited:** A server-side template injection in Twig rendering (affecting FOSSBilling ≤0.7.2) permits arbitrary expression execution and full access to the dependency injection container, enabling data access, session and password operations, and potential remote code execution—especially when combined with a reported authorization-bypass; active exploitation was observed from 160.30.209.77 (AS137552), and a patch is available in FOSSBilling 0.8.0. Please upgrade immediately, rotate tokens, audit templates and logs, and block /api/system/* at the edge.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
