Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

CVE-2026-48210 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-48210

CVE-2026-48210

MEDIUM5.7

Possible information disclosure via External Interface

Published May 31, 2026

Modified 3 weeks ago

Details

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend

This issue affects OTRS 2026.3.1

References

https://otrs.com/release-notes/otrs-security-advisory-2026-09/

https://www.cve.org/CVERecord?id=CVE-2026-48210

CVSS Analysis

CVSS v3.1

5.7

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

5.7/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Weakness Type (CWE)

Configuration

Improper Privilege Management

Information Disclosure

Information Exposure

Ecosystems

Timeline

PublishedMay 31, 2026

ModifiedJun 1, 2026