CVE Catalog

CVE-2026-48188

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

23th percentile — higher than 23% of all known CVEs

Summary

CVE-2026-48188 describes an improper Input Validation vulnerability in the OTRS database layer module, allowing unauthenticated SQL injection that can lead to authentication bypass. This issue only affects systems where the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode.

Risk Assessment

Organizations using vulnerable versions of OTRS may be at risk of unauthorized access to the system, potentially leading to serious data security breaches.

Recommendation

It is recommended to upgrade OTRS to version 2026.4.X or later and to check the MySQL/MariaDB server configuration to disable the NO_BACKSLASH_ESCAPES mode.

Original NVD description (English source)

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X * (OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

Vulnerability data from NVD (NIST) · CISA KEV · EPSS