CVE-2026-48189
Received - Intake
Improper Input Validation in OTRS Customer Backend
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: OTRS AG
Description
An improper input validation vulnerability in the OTRS Customer Backend module allows access to customer information that is restricted to other groups. Please note that the feature has to be enabled and CustomerGroupSupport has to be used for a system to be affected.
This issue affects OTRS:
* 7.0.X
* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| otrs | otrs | 7.0 |
| otrs | otrs | 8.0 |
| otrs | otrs | 2023 |
| otrs | otrs | 2024 |
| otrs | otrs | 2025 |
| otrs | otrs | up to 2026.4 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper input validation issue in the OTRS Customer Backend module. It allows unauthorized access to customer information that should be restricted to certain groups. For the vulnerability to be exploitable, the feature must be enabled and the CustomerGroupSupport functionality must be in use.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive customer information to users or groups that should not have access. This could result in privacy breaches and potential misuse of customer data.