216.73.216.170

CVE-2026-43925

· Published 07/07/2026 00:16 · Author: The MITRE Corporation

Labels: CVE-2026-43925

Essential information

Published
07/07/2026 00:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CWE-915
CVSS vector

CVSS metrics

Description

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can gate promo code eligibility, an attacker may apply group-restricted discount codes and receive unauthorized discounts. Version 0.8.0 contains a patch. As a workaround, administrators can either remove group restrictions from promo codes or disable client self-registration (Settings → Clients → Disable signup).

NVD status

NVD
View on NVD