CVE-2026-48210 – Possible information disclosure via External Interface

CVE ID :CVE-2026-48210

Published : May 31, 2026, 10:16 p.m. | 15 minutes ago

Description :An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend

This issue affects OTRS 2026.3.1

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-10204 – OFCMS JSON Query SysUserController.java query sql injection

CVE-2026-10203 – OFCMS JSON Query SystemParamController.java query sql injection

CVE-2026-10202 – OFCMS JSON Query SystemDictController.java query sql injection

CVE-2026-10201 – Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero