A vulnerability described as problematic has been identified in FOSSBilling up to 0.7.x. The impacted element is the function isActive of the file /api/client/serviceapikey/reset of the component Serviceapikey. Executing a manipulation can lead to information disclosure.

This vulnerability is registered as CVE-2026-53644. It is possible to launch the attack remotely. No exploit is available.