# Tenable Lists New CVEs Including CVE-2026-53648 Published July 7

_Tuesday, July 7, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

Tenable listed CVE-2026-53648 on its Newest CVEs page. The entry covers a medium-severity vulnerability in FOSSBilling, described as a free open-source billing and client management system. The listing states that prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 of the original filename under the uploads directory. Because the stored path depends only on the client-supplied filename, two different downloadable products or product/order files uploaded with the same original filename will resolve to the same stored file path. A later upload can overwrite an earlier upload, causing customers or administrators downloading the earlier product to receive the later file instead. Version 0.8.1 patches the issue. Workarounds include restricting the servicedownloadable.manage permission to fully trusted administrators only and ensuring downloadable product files use unique filenames before upload. The entry was updated July 7.

## Sources

- [Tenable](https://www.tenable.com/cve/newest)

---
Canonical: https://techandbusiness.org/newswire/6AVRIlFuERN6t4TUBhDDBt
Retrieved: 2026-07-07T14:25:24.268Z
Publisher: Tech & Business (techandbusiness.org)
