CVE-2026-48190

CVSS Score & Metrics

Base Score

3.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N                                    

Vulnerability Description

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected.

This issue affects OTRS:

* 7.0.X
* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 01, 2026

CWE ID

CWE-276

Source

NVD

Vendor

OTRS AG

Product

OTRS

External References

https://otrs.com/release-notes/otrs-security-advisory-2026-04/

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment