CVE-2026-48241
Deferred Deferred - Pending Action
Hard-Coded MySQL Credentials in Open ISES Tickets

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: VulnCheck

Description
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database if it is reachable from their network.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-06-11
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-10
NVD
CVE-2026-48241
EUVD
EUVD-2026-31321
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Open ISES Tickets versions before 3.44.2, where hardcoded MySQL database credentials are present in the file loader.php, which is a public-facing database utility.

Because these credentials are committed to the source repository, any actor who can access the public source tree or an unauthenticated attacker who can read the file on a deployed installation can obtain the username, password, and database name.

If the database is reachable from the attacker's network, they can use these credentials to connect to the database.

Impact Analysis

An attacker who obtains the hardcoded database credentials can connect to the database if it is accessible from their network.

This can lead to unauthorized access to sensitive data stored in the database, potentially resulting in data theft, data manipulation, or disruption of services.

Compliance Impact

This vulnerability exposes hardcoded MySQL database credentials in a public-facing file, allowing unauthorized actors to access sensitive database information if the database is reachable. Such unauthorized access to sensitive data can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls over access to personal and health information.

By enabling potential unauthorized database access, this vulnerability increases the risk of data breaches, which can result in non-compliance with these standards and regulations, potentially leading to legal and financial penalties.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48241. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart