logo

FOSSBilling Template Injection Flaw Exploited in the Wild

ID: aa2a321c-bb2a-5364-8a29-c7cec5224140

STIX ID: report--aa2a321c-bb2a-5364-8a29-c7cec5224140

Feed Name: securityonline.info

Threat Score
85/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Do Son

...
...

A critical FOSSBilling server-side template injection (CVE-2026-28496, CVSS 9.4) allows attackers to read sensitive billing data and escalate to remote code execution; all releases up through 0.7.2 are affected, exploitation was observed in the wild, and users are advised to update to 0.8.0 or apply mitigations such as auditing templates and blocking /api/system/ access.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.