CVE-2026-48189

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected.

This issue affects OTRS:

* 7.0.X
* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Technologies: Not Technology-Specific, Web Based, Mobile

Likelihood of Exploit: High

View CWE Details

https://otrs.com/release-notes/otrs-security-advisory-2026-…

https://otrs.com/release-notes/otrs-security-advisory-2026-03/

CVE-2026-48189

Description

Exposure of Sensitive Information to an Unauthorized Actor

Common Consequences

Applicable Platforms

Iscriviti alla newsletter