CVE-2026-48245
Deferred - Pending Action
Hardcoded Google Maps API Key Exposure in Open ISES Tickets

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: VulnCheck

Description
Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud project.
Meta Information
Published: 2026-05-21
Last Modified: 2026-05-21
Generated: 2026-05-22
AI Q&A: 2026-05-21
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-798
Description: The product contains hard-coded credentials, such as a password or cryptographic key.
AI Powered Q&A
Can you explain this vulnerability to me?

Open ISES Tickets versions before 3.44.2 contain a hardcoded Google Maps API key embedded in the tables.php file. This key is committed to the public source repository, making it accessible to anyone with read access to the source code.

Because the key is exposed publicly, unauthorized users can extract it and use it to make Google Maps Platform requests that are billed to the original owner's Google Cloud project.


How can this vulnerability impact me?

The vulnerability can lead to unauthorized use of the Google Maps API key, allowing attackers or unauthorized users to make requests to the Google Maps Platform.

This unauthorized usage can result in unexpected charges billed to the original owner's Google Cloud project, potentially causing financial loss.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves a hardcoded Google Maps API key embedded in the tables.php file of Open ISES Tickets versions before 3.44.2. To detect it, you can search the source code repository or your deployed files for the presence of this hardcoded key.

  • Use a command like `grep -r 'AIza' /path/to/ises-tickets/` to search for Google Maps API keys in the source code, as Google API keys typically start with 'AIza'.
  • Check the tables.php file specifically for any hardcoded API keys by running `grep -n 'AIza' /path/to/ises-tickets/tables.php` or inspecting the file manually.
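
The search described above can be tightened so that it matches only full-length key candidates and never prints the secret itself. The script below is an added example, not code from the advisory or from Open ISES Tickets; the 39-character key pattern, the function names `scan_google_keys`, `redact_key` and `demo`, and the sample tree are assumptions or constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory or the Open ISES project): find
# Google-style API keys in a source tree without printing the full secret.
# Assumption: keys look like "AIza" + 35 characters from [0-9A-Za-z_-],
# a common scanning heuristic rather than a documented guarantee.
# Uses grep -r, -I and --exclude-dir (GNU/BSD grep extensions).
KEY_RE='AIza[0-9A-Za-z_-]{35}'

# redact_key KEY: keep the first 8 characters so a hit can be matched to
# a key in the Google Cloud console, and hide the rest from logs.
redact_key() {
    printf '%s...[redacted]\n' "$(printf '%s' "$1" | cut -c1-8)"
}

# scan_google_keys DIR: print "file:line:redacted-key" for every hit.
# Returns 0 when clean, 1 when a key was found, 2 on a bad argument.
scan_google_keys() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Pass 1 lists text files with a match (-I skips binaries); pass 2
    # extracts line number and match per file, so ':' in paths is safe.
    findings=$(grep -rIlE --exclude-dir=.git -e "$KEY_RE" "$dir" 2>/dev/null |
        while IFS= read -r file; do
            grep -noE -e "$KEY_RE" "$file" |
                while IFS=: read -r line key; do
                    printf '%s:%s:%s\n' "$file" "$line" "$(redact_key "$key")"
                done
        done)
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# demo: constructed tree with a fake key in tables.php and a clean file.
demo() {
    tmp=$(mktemp -d)
    fake="AIza$(printf '%035d' 0)"   # constructed value, not a real key
    printf '<?php\n$key = "%s";\n' "$fake" > "$tmp/tables.php"
    printf '<?php\necho "no secrets";\n' > "$tmp/index.php"
    rc=0
    scan_google_keys "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Call `scan_google_keys /path/to/ises-tickets` against a checkout or deployment; the non-zero status on a hit makes it usable as a CI gate. It inspects only the working tree, so a key removed in a later commit is still present in repository history and still has to be revoked.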

What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to update Open ISES Tickets to version 3.44.2 or later, where this vulnerability has been addressed.

Additionally, you should revoke or regenerate the exposed Google Maps API key to prevent unauthorized usage and potential billing against your Google Cloud project.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability involves a hardcoded Google Maps API key exposed in the public source repository, which can be used by unauthorized parties to make requests billed to the original owner's Google Cloud project.

There is no information provided about any direct impact on compliance with common standards and regulations such as GDPR or HIPAA.

