CVE-2026-34724
Received - Intake
Server-Side Template Injection in Zammad AI Agent Enables RCE

Publication date: 2026-04-08

Last updated on: 2026-04-17

Assigner: GitHub, Inc.

Description
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data (typically high-privilege administrative configuration). This vulnerability is fixed in 7.0.1.
Meta Information
Published
2026-04-08
Last Modified
2026-04-17
Generated
2026-05-07
AI Q&A
2026-04-08
EPSS Evaluated
2026-05-05
Affected Vendors & Products
Vendor Product Version / Range
zammad zammad 7.0.0
CWE ID Description
CWE-1336 The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-34724 is a high-severity server-side template injection (SSTI) vulnerability in the Zammad helpdesk application, specifically affecting versions prior to 7.0.1.

The vulnerability occurs in the AI Agent feature when an attacker with high-privilege administrative access can control or influence the `type_enrichment_data` parameter.

By injecting malicious template code, the attacker can exploit improper neutralization of special elements and improper control of code generation, leading to remote code execution (RCE) on the server within the application process context.


How can this vulnerability impact me?

This vulnerability allows an attacker with administrative privileges to execute arbitrary code remotely on the server running the Zammad application.

The impact is high on confidentiality, integrity, and availability of the affected system and potentially any connected systems.

Successful exploitation could lead to full compromise of the server, unauthorized data access, data manipulation, service disruption, or further attacks within the network.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves auditing AI::Agent records and the `type_enrichment_data` parameter for suspicious content, especially ERB-like sequences that may indicate template injection attempts.

Since the vulnerability requires administrative privileges to exploit, reviewing privileged admin accounts and their activities is also important.

Specific commands are not provided in the resources, but operators should focus on inspecting the database or logs where AI::Agent records and `type_enrichment_data` are stored for unusual or malicious template code.
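One way to carry out the audit described above, as an added example that is not Zammad's own code: a Ruby scan that walks a nested `type_enrichment_data` structure and reports every value containing an ERB-like sequence. The record shape, field names and sample records are assumptions constructed for the example.

```ruby
# Added example (not Zammad code): flag ERB-like sequences inside the
# type_enrichment_data of AI agent records. Record shape is assumed.

ERB_TAG  = /<%[=#-]?.*?-?%>/m   # complete <% ... %>, <%= ... %>, <%# ... %>
ERB_OPEN = /<%/                 # an unclosed opener is still worth flagging

# Recursively walk hashes, arrays and strings; returns [[path, snippet], ...].
def find_erb_sequences(value, path = "type_enrichment_data")
  case value
  when Hash
    value.flat_map { |k, v| find_erb_sequences(v, "#{path}.#{k}") }
  when Array
    value.each_with_index.flat_map { |v, i| find_erb_sequences(v, "#{path}[#{i}]") }
  when String
    tags = value.scan(ERB_TAG)
    tags = [value[ERB_OPEN, 0]] if tags.empty? && value.match?(ERB_OPEN)
    tags.map { |t| [path, t] }
  else
    []
  end
end

# Audit a list of agent records; returns { agent name => findings } for
# agents that have at least one hit.
def audit_agents(agents)
  agents.each_with_object({}) do |agent, out|
    hits = find_erb_sequences(agent[:type_enrichment_data])
    out[agent[:name]] = hits unless hits.empty?
  end
end

# Constructed sample records (not real Zammad data).
SAMPLE_AGENTS = [
  { name: "triage-bot", type_enrichment_data: { "prompt" => "Summarize ticket", "fields" => ["title", "body"] } },
  { name: "tagger",     type_enrichment_data: { "prompt" => "Tags: <%= 'flagged' %>", "fields" => [] } },
  { name: "notes",      type_enrichment_data: { "prompt" => "Append <% unclosed", "extra" => { "k" => "<%# comment %>" } } },
]

if __FILE__ == $PROGRAM_NAME
  audit_agents(SAMPLE_AGENTS).each do |name, hits|
    hits.each { |path, snippet| puts "#{name}: #{path} contains #{snippet.inspect}" }
  end
end
```

Point the same walk at the JSON or serialized column where the records are stored; the clean agent produces no output and only the two tampered ones are listed.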


What immediate steps should I take to mitigate this vulnerability?
  • Restrict and review privileged administrative accounts to limit who can influence `type_enrichment_data`.
  • Audit AI::Agent records and `type_enrichment_data` for suspicious or malicious template content.
  • Disable or limit the AI Agent feature until the patch (version 7.0.1) is applied.
  • Apply the patch by upgrading Zammad to version 7.0.1 or later, which fixes the vulnerability.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

CVE-2026-34724 is a high-severity vulnerability that allows remote code execution via a server-side template injection in Zammad's AI Agent feature, which requires high-privilege administrative access. This vulnerability can lead to unauthorized code execution on the server, potentially compromising the confidentiality, integrity, and availability of sensitive data managed by the system.

Such a compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which mandate strict controls over data confidentiality and integrity. If exploited, this vulnerability could result in unauthorized access or manipulation of personal or protected health information, thereby violating these regulatory requirements.

Mitigation steps include applying the patch in version 7.0.1, restricting and reviewing privileged administrative accounts, auditing AI Agent data for suspicious content, and disabling or limiting the AI Agent feature until patched. These measures help maintain compliance by reducing the risk of unauthorized access and data breaches.

