CVE-2026-34720
Status: Received - Intake
SSO Header Validation Bypass in Zammad Enables Unauthorized Access

Publication date: 2026-04-08

Last updated on: 2026-04-17

Assigner: GitHub, Inc.

Description
Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad did not verify that the SSO header originated from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4.
Meta Information
Published: 2026-04-08
Last Modified: 2026-04-17
Generated: 2026-05-06
AI Q&A: 2026-04-08
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor   Product   Version / Range
zammad   zammad    7.0.0
zammad   zammad    up to 6.5.4 (excluding)
CWE ID    Description
CWE-346   The product does not properly verify that the source of data or communication is valid.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-34720 is an origin validation error in the Single Sign-On (SSO) mechanism of the Zammad helpdesk system. Before versions 7.0.1 and 6.5.4, Zammad did not verify that the SSO identity header came from a trusted SSO proxy or gateway before processing it. An attacker could therefore supply an untrusted header that the application would accept and act upon, potentially allowing unauthorized actions.

The vulnerability is classified as CWE-346 (Origin Validation Error) and affects versions up to and including 7.0.0. It requires low privileges to exploit and no user interaction, but has a high attack complexity.


How can this vulnerability impact me?

This vulnerability could allow an attacker with low privileges to remotely exploit the SSO mechanism by sending untrusted headers that the system accepts. The impact includes limited unauthorized disclosure of data (low confidentiality impact) and limited unauthorized modification of data (low integrity impact).

There is no impact on system availability or on subsequent systems. The overall severity is low because of the attack complexity and the limited impact.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Zammad to version 7.0.1 or 6.5.4 or later; in those releases the SSO mechanism verifies that the header originates from a trusted SSO proxy or gateway before processing it.

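To make the CWE-346 pattern behind this advisory concrete, here is an added example (not Zammad's code, and not the actual fix) of a Rack-style check that only honours an upstream SSO identity header when the request really arrived from a trusted proxy. The header names, trusted address ranges and shared secret are assumptions chosen for illustration; the vulnerable form is shown beside the hardened form.

```ruby
require 'ipaddr'

# Constructed names for this example; a real deployment would use whatever
# header its SSO gateway sets and its own proxy address ranges.
SSO_USER_HEADER   = 'HTTP_X_FORWARDED_USER'.freeze
SSO_SECRET_HEADER = 'HTTP_X_SSO_PROXY_SECRET'.freeze
TRUSTED_PROXIES   = [IPAddr.new('10.0.0.0/8'), IPAddr.new('127.0.0.1')].freeze
EXPECTED_SECRET   = 'constructed-shared-secret'.freeze

# Vulnerable pattern (the CWE-346 shape described in the advisory): the
# identity header is trusted no matter who sent the request, so any client
# that can reach the application can assert an arbitrary user name.
def sso_user_unverified(env)
  env[SSO_USER_HEADER]
end

# Constant-time string comparison so the secret check does not leak timing.
def constant_time_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hardened pattern: the header is honoured only if (1) the TCP peer
# (REMOTE_ADDR, never X-Forwarded-For, which is client-controlled) is a
# trusted proxy and (2) the proxy presents a per-hop shared secret.
# The proxy must also strip any client-supplied copy of the header.
def sso_user_verified(env)
  user = env[SSO_USER_HEADER]
  return nil if user.nil? || user.empty?

  peer = env['REMOTE_ADDR']
  return nil if peer.nil?
  begin
    peer_ip = IPAddr.new(peer)
  rescue IPAddr::InvalidAddressError
    return nil # malformed peer address: fail closed
  end
  return nil unless TRUSTED_PROXIES.any? { |net| net.include?(peer_ip) }

  return nil unless constant_time_eq(env[SSO_SECRET_HEADER].to_s, EXPECTED_SECRET)
  user
end
```

Logging the rejected requests (peer address and whether the secret was present) gives a useful detection signal for spoofing attempts against the SSO endpoint.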
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in Zammad's SSO mechanism involves improper origin validation, which could allow unauthorized actions based on untrusted headers. This could lead to limited unauthorized data disclosure and modification, as reflected in the low confidentiality and integrity impacts.

While the vulnerability has a low severity score and limited impact, any unauthorized access or data modification could pose risks to compliance with standards such as GDPR or HIPAA, which require strict controls on data access and integrity.

However, the provided information does not explicitly discuss the direct effects on compliance with these regulations.