MEDIUM
FOSSBilling
CVE published 2026-06-04
CVE-2026-43926
CVE-2026-43926 is a MEDIUM severity vulnerability in FOSSBilling, a free, open-source billing and client management system. The vulnerability allows an attacker to bypass the rate limiter and probe the password reset confirmation endpoint for valid reset tokens without any per-IP request limiting, attempt counting, or lockout mechanism. This is possible because the password reset confirmation endpoint `/c [truncated]