CVE-2026-48246
Open ISES Tickets TLS Certificate Verification Bypass
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Open ISES Tickets versions before 3.44.2, where TLS certificate verification is disabled in the ajax/reports.php file during outbound HTTPS requests to the Google Maps Directions API.
Specifically, the software sets the CURLOPT_SSL_VERIFYPEER option to false and does not set CURLOPT_SSL_VERIFYHOST, which means it does not properly verify the authenticity of the TLS certificates.
As a result, an attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the HTTPS requests and responses, including sensitive data such as API keys or session information.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to perform a man-in-the-middle attack by intercepting and potentially altering the data exchanged between the server and the Google Maps Directions API.
- Exposure of sensitive information such as API keys or session data.
- Modification of the data in transit, which could lead to incorrect incident reports or other malicious outcomes.
- Compromise of the integrity and confidentiality of communications between the server and external services.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the source code of the Open ISES Tickets application, specifically the ajax/reports.php file, to check if the TLS certificate verification options are improperly set. Look for the use of CURLOPT_SSL_VERIFYPEER set to false and the absence of CURLOPT_SSL_VERIFYHOST when making HTTPS requests.
On the system or network level, monitoring outbound HTTPS requests to the Google Maps Directions API and checking for signs of intercepted or modified traffic could indicate exploitation.
Suggested commands to detect the vulnerability include:
- Use grep or similar tools to search for the relevant curl options in the codebase: grep -r "CURLOPT_SSL_VERIFYPEER" /path/to/open-ises-tickets/
- Use network packet capture tools like tcpdump or Wireshark to monitor HTTPS traffic from the server to the Google Maps Directions API endpoint for anomalies.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Open ISES Tickets to version 3.44.2 or later, where the TLS certificate verification is properly enabled.
If upgrading is not immediately possible, manually modify the ajax/reports.php file to ensure that CURLOPT_SSL_VERIFYPEER is set to true and CURLOPT_SSL_VERIFYHOST is properly set when making HTTPS requests.
Additionally, monitor network traffic for suspicious activity and consider restricting network access to trusted endpoints to reduce the risk of man-in-the-middle attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability disables TLS certificate verification, allowing an attacker to intercept or modify sensitive data such as API keys or session information during transmission.
Such interception or exposure of sensitive data can lead to violations of data protection requirements mandated by standards and regulations like GDPR and HIPAA, which require secure transmission and protection of personal and sensitive information.
Therefore, the vulnerability negatively impacts compliance by undermining the confidentiality and integrity of data in transit.