CVE-2026-27708 | FOSSBilling up to 0.7.x Servicecustom Client API order_id access control (GHSA-p36w-9×66-488j)

Inserito da Angelo Barbosa | Giu 25, 2026 | CVE

A vulnerability described as critical has been identified in FOSSBilling up to 0.7.x. Affected by this vulnerability is an unknown functionality of the component Servicecustom Client API. The manipulation of the argument order_id results in improper access controls.

This vulnerability is known as CVE-2026-27708. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-27708 | FOSSBilling up to 0.7.x Servicecustom Client API order_id access control (GHSA-p36w-9×66-488j)

Post correlati

CVE-2025-25179 | Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/24.3 RTM GPU System Call insufficient permissions or privileges

CVE-2023-48375 | SmartStar CWS Web-Base 10.25 authorization

CVE-2024-7658 | projectsend up to r1605 process.php get_preview resource injection

CVE-2024-35706 | Team Heateor Heateor Social Login Plugin up to 1.1.32 on WordPress cross site scripting