Auth bypass in Fossbilling
CVE-2026-53647
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any caller with a valid API key can retrieve al…
Vulnerability class: Information Disclosure
Affected products
- Fossbilling — versions >= 0.5.3, < 0.8.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-53647?
- CVE-2026-53647 is a vulnerability in Fossbilling, classified under Information Disclosure. Published 2026-07-07.
- Is CVE-2026-53647 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.