CVE-2026-48189

CVSS Score & Metrics

Base Score

5.7 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N                                    

Vulnerability Description

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected.

This issue affects OTRS:

* 7.0.X
* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 01, 2026

CWE ID

CWE-200

Source

NVD

Vendor

OTRS AG

Product

OTRS

External References

https://otrs.com/release-notes/otrs-security-advisory-2026-03/

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment