5.7
CVE-2026-48189
- EPSS 0.2%
- Veröffentlicht 01.06.2026 03:33:03
- Zuletzt bearbeitet 15.06.2026 12:45:43
- Quelle security@otrs.com
- CVE-Watchlists
- Unerledigt
Bypass DedicatedAgentToCustomerGroups Setting
An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.096 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@otrs.com | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://otrs.com/release-notes/otrs-security-advisory-2026-03/