Description
An issue in HostBill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component.
Published: 2026-04-24
Score: 3.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

An issue in HostBill permits a remote attacker to trigger a denial of service by interacting with the Client Balance component. The weakness is classified as CWE-400 (Uncontrolled Resource Consumption). When exploited, the service can become unresponsive, affecting the availability of the application for all users.

Affected Systems

HostBill versions v.2025-11-24 and v.2025-12-01 are affected. No other product variants are currently listed as impacted. The vulnerability is tied to the Client Balance functionality provided by the HostBill application.

Risk and Exploitability

The CVSS score for this issue is 3.8, which falls in the Low severity band. The EPSS score is less than 1%, suggesting that the likelihood of exploitation is currently very low and there are no known public exploits. The vulnerability is not listed in the CISA KEV catalog, so it is not considered a known exploited vulnerability at this time. Because the functionality is remotely accessible, an attacker could trigger the denial of service by sending crafted requests to the Client Balance endpoint without needing local access, although the CVSS vector recorded for this CVE (PR:H) indicates that high privileges are required.

Generated by OpenCVE AI on April 28, 2026 at 14:31 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply any available HostBill patch or newer release that addresses this denial-of-service issue, as indicated by vendor updates.
  • Disable or restrict external access to the Client Balance component until the fix is applied, if possible.
  • Deploy application availability monitoring to detect and respond to potential service disruption.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 15:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Denial of Service via Client Balance Component in HostBill 2025 Versions |

Mon, 27 Apr 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hostbillapp; Hostbillapp hostbill |
| Vendors & Products | | Hostbillapp; Hostbillapp hostbill |

Fri, 24 Apr 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-400 |
| Metrics | | cvssV3_1: {'score': 3.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L'} |
| | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 24 Apr 2026 15:00:00 +0000


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-24T15:57:01.333Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31051

Vulnrichment

Updated: 2026-04-24T15:54:53.886Z

NVD

Status: Deferred

Published: 2026-04-24T15:16:27.097

Modified: 2026-04-24T17:55:55.317

Link: CVE-2026-31051

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T14:45:16Z

Weaknesses