Back to CVE List

CVE-2026-14871

Vulnerability Description

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization (BOLA) leading to Insecure Direct Object Reference (IDOR) in the AJAX ticket-management subsystem.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-863
Source
NVD
Vendor
osTicket
Product
osTicket

External References

Discussion (0)

Add Comment

No comments yet. Be the first!