3 matches found
CVE-2026-53645
creationtimestamp| type| source ---|---|--- 2026-07-07 00:54:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpzfeaqomd27 2026-07-07 02:04:20+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpzjbl2rdb22...
CVE-2026-53645 FOSSBilling's missing self-edit prevention in staff permission management allows persistent privilege escalation
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has...
CVE-2026-53645
CVE-2026-53645 affects FOSSBilling prior to 0.8.0. A low-privileged staff member with staff.create_and_edit_staff can call /api/admin/staff/permissions_update to modify their own permissions, bypassing RBAC and enabling persistent privilege escalation. Version 0.8.0 patches the issue. Workarounds...