CVE Catalog

CVE-2026-48189

MediumCVSS 5.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

An improper Input Validation vulnerability in the OTRS Customer Backend module allows access to customer information that is restricted to other groups. Note that the feature must be enabled and CustomerGroupSupport must be used to be affected.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive customer information, potentially leading to privacy breaches and loss of customer trust.

Recommendation

It is recommended to disable the feature if not needed and to update OTRS to version 2026.4.X or later to mitigate this vulnerability.

Original NVD description (English source)

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X

Vulnerability data from NVD (NIST) · CISA KEV · EPSS