Open Redirect in FOSSBilling

CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This al…

Vulnerability class: Open Redirect

EPSS: 0.000 (10.9th percentile)