Auth bypass in FOSSBilling

CVE-2026-43920

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote user…

Vulnerability class: Broken Authentication

Affected products

Weakness classification (CWE)

References