Auth bypass in Fossbilling

CVE-2026-53647

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any caller with a valid API key can retrieve al…

Vulnerability class: Information Disclosure

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2026-53647?
CVE-2026-53647 is a vulnerability in Fossbilling, classified under Information Disclosure. Published 2026-07-07.
Is CVE-2026-53647 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.