CVE-2026-14871
Vulnerability Description
osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization (BOLA) leading to Insecure Direct Object Reference (IDOR) in the AJAX ticket-management subsystem.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-863
Source
NVD
Vendor
osTicket
Product
osTicket
Discussion (0)
Add Comment
No comments yet. Be the first!