CVE-2026-48208 – Denial-of-Service via SVG Rendering in Ticket

CVE ID :CVE-2026-48208

Published : June 1, 2026, 4:16 a.m. | 16 minutes ago

Description :An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent or customer. The issue can be exploited without JavaScript execution and is not mitigated by the configured Content Security Policy (CSP).

This issue affects OTRS:

* 7.0.X
* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X

Please note that ((OTRS)) Community Edition 6.x and before are vulnerable. Products based on the ((OTRS)) Community Edition also very likely to be affected

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-10227 – raisulislamg4 student_management_system_by_php User Creation add_user_check.php sql injection

CVE-2026-10226 – raisulislamg4 student_management_system_by_php delete.php sql injection

CVE-2026-10225 – raisulislamg4 student_management_system_by_php Login login_check.php sql injection

CVE-2026-10224 – NousResearch hermes-agent Webhook Endpoint feishu.py _handle_webhook_request resource consumption