Which versions of BichitroGan ISP Billing Software are affected by CVE-2026-5031?

Organizations using A vulnerability should be aware of moderate risk from CVE-2026-5031 rated CVSS 5.3. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2026-5031?

Yes, a public proof-of-concept exploit is available for CVE-2026-5031. Prioritise patching immediately. EPSS: 0.0%.

BichitroGan ISP Billing Software CVE-2026-5031

Q: What is the CVSS score of CVE-2026-5031?

CVE-2026-5031 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-16973 LOW

Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)

2026-03-29 VulDB

Information Disclosure

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

EUVD ID Assigned

Mar 29, 2026 - 05:15 euvd

EUVD-2026-16973

Analysis Generated

Mar 29, 2026 - 05:15 vuln.today

CVE Published

Mar 29, 2026 - 04:30 nvd

MEDIUM 5.3

DescriptionNVD

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

BichitroGan ISP Billing Software 2025.3.20 contains an improper resource identifier control vulnerability in the settings/users-view endpoint that allows authenticated remote attackers to disclose sensitive information via manipulation of the ID parameter. The vulnerability has a CVSS score of 4.3 with publicly available exploit code; the vendor has not responded to disclosure attempts.

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5031 vulnerability details – vuln.today

Back