CVE-2026-34722
Authorization Bypass in Zammad Ticket Creation Endpoint
Publication date: 2026-04-08
Last updated on: 2026-04-17
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zammad | zammad | 7.0.0 (fixed in 7.0.1) |
| zammad | zammad | < 6.5.4 (fixed in 6.5.4) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | Missing Authorization: the product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade: Zammad 7.0.0 installations to 7.0.1 or later, and 6.x installations to 6.5.4 or later. Both releases add the authorization check that was missing.
Until the upgrade can be performed, restrict who can reach the ticket creation endpoint (this page's own example uses the path /api/v1/tickets) at the reverse proxy or firewall, allowing only trusted users or networks. This also blocks legitimate ticket creation from the excluded sources, so scope the restriction carefully and treat it as a stopgap, not a fix.
Monitor and audit ticket creation, in particular tickets created without an authenticated session or carrying link data the creator should not have been able to set, so that exploitation attempts are detected rather than silently absorbed into the queue.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The flaw let unauthorized actors create tickets in Zammad without passing an authorization check. A missing access control of this kind can mean unauthorized modification of data (new tickets, and whatever the link parameter attaches to them) and limited information disclosure, which is the sort of control failure that frameworks such as GDPR and HIPAA expect to be prevented and, if exploited, assessed and documented.
The information on this page does not, however, state any direct compliance consequence; that depends on what data the affected instance holds and whether the flaw was actually exploited.
Can you explain this vulnerability to me?
CVE-2026-34722 is a vulnerability in the Zammad helpdesk software where the ticket creation endpoint did not properly check authorization when a parameter for adding links was used.
This flaw allowed anyone, even without any privileges or user interaction, to create tickets without permission.
The issue was fixed in versions 7.0.1 and 6.5.4 by adding the necessary authorization checks.
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users to create tickets in the Zammad system.
As characterized for this CVE, the impact is limited: low-level unauthorized modification (tickets the attacker should not be able to create) and limited information disclosure, with no effect on system availability.
Because no privileges or user interaction are required, an attacker can exploit this remotely with low complexity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a missing authorization check on Zammad's ticket creation endpoint when the parameter for adding links is present, so detection means either comparing the installed version against the affected ranges above (7.0.0, or anything below 6.5.4) or testing the endpoint directly.
To test the endpoint, send a POST to the ticket creation API with no credentials and with the link parameter set, then look at the HTTP status: a 401 or 403 means the authorization check is in place, while a 2xx response containing a ticket object means a ticket was created without authorization. Only do this against an instance you are authorized to test, and delete any ticket the probe creates. The exact name of the link parameter is not given on this page; the example below uses `link` as a placeholder.
- Use curl or a similar tool to send an unauthenticated POST to the ticket creation endpoint, including the link parameter.
- Example command (prints only the HTTP status code): curl -s -o /dev/null -w '%{http_code}\n' -X POST "http://<zammad-server>/api/v1/tickets" -H "Content-Type: application/json" -d '{"title":"test","link":"http://example.com"}'
- Check the Zammad application logs and the ticket history for tickets created without an authenticated user, especially ones that carry links.