logo

Critical FOSSBilling SSTI Flaw Enables Information Disclosure and Remote Code Execution

ID: 1aeeafad-b6e0-5157-914f-6b87c5b00e52

STIX ID: report--1aeeafad-b6e0-5157-914f-6b87c5b00e52

Feed Name: Cyber Press

Threat Score
90/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Lucas Martin

...
...

**Critical SSTI in FOSSBilling (CVE-2026-28496) actively exploited:** A server-side template injection in Twig rendering (affecting FOSSBilling ≤0.7.2) permits arbitrary expression execution and full access to the dependency injection container, enabling data access, session and password operations, and potential remote code execution—especially when combined with a reported authorization-bypass; active exploitation was observed from 160.30.209.77 (AS137552), and a patch is available in FOSSBilling 0.8.0. Please upgrade immediately, rotate tokens, audit templates and logs, and block /api/system/* at the edge.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.