Home

Description

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X

PUBLISHED Reserved 2026-05-21 | Published 2026-06-01 | Updated 2026-06-01 | Assigner OTRS




MEDIUM: 5.7CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
affected

7.0.x
affected

8.0.x
affected

2023.x
affected

2024.x
affected

2025.x
affected

2026.x (patch)
affected

References

otrs.com/release-notes/otrs-security-advisory-2026-03/

cve.org (CVE-2026-48189)

nvd.nist.gov (CVE-2026-48189)

Download JSON