216.73.217.24

CVE-2026-43927

· Published 07/07/2026 00:16 · Author: The MITRE Corporation

Labels: CVE-2026-43927

Essential information

Published
07/07/2026 00:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CWE-367
CVSS vector

CVSS metrics

Description

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request completes the usage increment, a client can obtain unlimited discounted or free orders from a single-use or limited-use promo code. Version 0.8.0 patches the issue. Some workarounds are available. Disable promo codes entirely until a patch is available or monitor the `promo` table for `used` values exceeding `maxuses` and manually review affected orders.

NVD status

NVD
View on NVD