CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-48188

CVSS 9.1v3.1pub. 2026-06-01upd. 2026-06-15

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X * (OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Otrs

    APP
    Otrs
    ≤ 6.0.327.0.0 – 8.0.372023.0.0 – 2026.4.1 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2026-48209HIGH7.1ten sam produkt

An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling al...

CVE-2023-6254HIGH8.1ten sam produkt

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which ...

CVE-2023-5422HIGH8.7ten sam produkt

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL o...

CVE-2023-38056HIGH7.2ten sam produkt

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTas...

CVE-2023-2534HIGH7.6ten sam produkt

Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticat...