CVE-2026-48189
Analyzed - Analysis Complete
Improper Input Validation in OTRS Customer Backend
Publication date: 2026-06-01
Last updated on: 2026-06-15
Assigner: OTRS AG
Description
An improper input validation vulnerability in the OTRS Customer Backend module allows access to customer information that is restricted to other groups. Note that the feature has to be enabled and CustomerGroupSupport has to be in use for an installation to be affected.
This issue affects OTRS:
* 7.0.X
* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| otrs | otrs | From 7.0.0 (inc) to 8.0.37 (inc) |
| otrs | otrs | From 2023.0.0 (inc) to 2026.4.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |