ByteOS Network

NVD Vulnerability Details :

CVE-2026-31049

Deferred

Source-cve@mitre.org

Published At-14 Apr, 2026 | 14:16

Updated At-27 Apr, 2026 | 19:18

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-1236	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-1236

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://blog.hostbillapp.com/2025/12/03/hostbill-security-advisory/	cve@mitre.org	N/A
https://github.com/Muhammad5235/HostBill-CVEs-2025/blob/main/Missing%20Server-Side%20Validation/Registration%20fields%20%26%20Import%20Csv	cve@mitre.org	N/A
https://hostbillapp.com/changelog	cve@mitre.org	N/A
https://hostbillapp.com/release-notes/11-27-2025.html	cve@mitre.org	N/A
https://hostbillapp.com/release-notes/12-01-2025.html	cve@mitre.org	N/A
https://hostbillapp.com/responsible-disclosure	cve@mitre.org	N/A