CVE-2026-48190

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 3,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: unchanged

Confidentiality: low

Integrity: none

Availability: none

Description

AI Translation Available

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected.

This issue affects OTRS:

* 7.0.X
* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X

276

Incorrect Default Permissions

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity

Potential Impacts:

Read Application Data Modify Application Data

Applicable Platforms

Technologies: Not Technology-Specific, ICS/OT

Likelihood of Exploit: Medium

View CWE Details

https://otrs.com/release-notes/otrs-security-advisory-2026-…

https://otrs.com/release-notes/otrs-security-advisory-2026-04/

CVE-2026-48190

Description

Incorrect Default Permissions

Common Consequences

Applicable Platforms

Iscriviti alla newsletter