FOSSBilling Flaw Lets Admin Attackers Abuse DI Container for SQL Access and RCE
A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, is exposing instances to potential full database compromise and remote code execution (RCE), with early signs of active exploitation appearing sho…