CVE-2026-34722
Received Received - Intake
Authorization Bypass in Zammad Ticket Creation Endpoint

Publication date: 2026-04-08

Last updated on: 2026-04-17

Assigner: GitHub, Inc.

Description
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34722
EUVD
EUVD-2026-20562
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
zammad zammad 7.0.0
zammad zammad to 6.5.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The primary mitigation step is to upgrade Zammad to version 7.0.1 or 6.5.4 or later, where the missing authorization check has been fixed.

Until the upgrade can be performed, restrict access to the ticket creation endpoint to trusted users or networks to prevent unauthorized ticket creation.

Monitor and audit ticket creation activities to detect any suspicious or unauthorized actions.

Compliance Impact

The vulnerability in Zammad's ticket creation endpoint allowed unauthorized actors to create tickets without proper authorization checks. This missing authorization could potentially lead to unauthorized access or modification of data, which may impact compliance with standards and regulations that require strict access controls and data protection, such as GDPR and HIPAA.

However, the provided information does not explicitly state the direct effects on compliance with these regulations.

Executive Summary

CVE-2026-34722 is a vulnerability in the Zammad helpdesk software where the ticket creation endpoint did not properly check authorization when a parameter for adding links was used.

This flaw allowed anyone, even without any privileges or user interaction, to create tickets without permission.

The issue was fixed in versions 7.0.1 and 6.5.4 by adding the necessary authorization checks.

Impact Analysis

This vulnerability can allow unauthorized users to create tickets in the Zammad system.

The impact includes limited unauthorized modification and limited information disclosure, but it does not affect system availability.

Because no privileges or user interaction are required, an attacker can exploit this remotely with low complexity.

Detection Guidance

This vulnerability involves missing authorization checks on the ticket creation endpoint of Zammad when a parameter for adding links is used. Detection would involve monitoring or testing this specific API endpoint for unauthorized ticket creation attempts.

You can attempt to detect the vulnerability by sending requests to the ticket creation endpoint without proper authorization headers and including the parameter related to adding links to see if tickets can be created.

  • Use curl or similar tools to send POST requests to the ticket creation API endpoint without authentication, including the parameter for adding links.
  • Example command: curl -X POST "http://<zammad-server>/api/v1/tickets" -d '{"title":"test","link":"http://example.com"}' -H "Content-Type: application/json"
  • Check server logs or audit logs for unauthorized ticket creation activities.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34722. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart