CVE-2026-48241

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database if it is reachable from their network.

Vulnerability Details

Published Date

May 21, 2026

Last Modified

May 21, 2026

CWE ID

CWE-798

Source

NVD

Vendor

Open ISES

Product

Tickets

External References

https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff
https://github.com/openises/tickets/releases/tag/v3.44.2
https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-mysql-credentials-in-loader-php

CVE-2026-48241

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment