Description
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-20
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service
Action: Mitigate
AI Analysis

Impact

The vulnerability occurs in the Lagom WHMCS Template datatables component for versions up to 2.4.2. An attacker can manipulate an unknown datatables function to cause excessive resource consumption, and remote exploitation is possible. The impact is a denial of service caused by elevated CPU or memory usage, mapped to CWE-400 (Uncontrolled Resource Consumption) and CWE-404 (Missing Resource Management).

Affected Systems

Any installation of Lagom WHMCS Template that is version 2.4.2 or older is affected. The vulnerability is tied to an unspecified datatables function; therefore all users who have not upgraded beyond 2.4.2 are at risk.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in CISA KEV, though the exploit has been publicly disclosed. The attack vector is likely remote: a crafted web request triggers the datatables component to consume excessive resources, leading to service degradation. With no official patch or response from the vendor, the risk remains until a fix is applied or the issue is mitigated.

Generated by OpenCVE AI on April 20, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Lagom WHMCS Template to any release newer than 2.4.2 as soon as one is available.
  • If no newer release exists, consider removing or disabling the vulnerable datatables component.
  • Implement application‑level rate limiting or request throttling to cap the resource usage per user, and enable or install a web application firewall to block anomalous datatables requests.


Advisories

No advisories yet.

History

Mon, 20 Apr 2026 04:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Lagom WHMCS Template Datatables resource consumption
Weaknesses | | CWE-400, CWE-404
References | |
Metrics | | cvssV2_0: {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-20T03:30:14.978Z

Reserved: 2026-04-19T13:56:59.565Z

Link: CVE-2026-6601

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-20T04:16:56.763

Modified: 2026-04-20T04:16:56.763

Link: CVE-2026-6601

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T06:00:08Z

Weaknesses