Vulnerability in Fossbilling
CVE-2026-43927
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending…
Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)
Affected products
- Fossbilling — versions < 0.8.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)