Auth bypass in Fossbilling

CVE-2026-53642

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address (`email_approved = 0`)…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References