A security update for HostBill has been released for  HostBill versions: 2026-05-18 – 2026-06-08  – please update your HostBill to the most recent version.

A security issue has been reported to us by one of the clients that affects all HostBill versions from 2026-05-18 until (and including) 2026-06-08 release. The problem concerns Insecure Direct Object Reference  and the severity Low to High depends on HostBill configuration.

Resolution:

To mitigate this issue please update your HostBill to the most recent release, version 2026-06-09, either manually or using the Auto-Update plugin.
We do not have any basis to think the issue is known in public.