CVE Catalog

CVE-2026-48191

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

Incorrect handling of permissions in STORM and OTRS (2026.x and above) modules allows gaining knowledge about the number of affected CIs, SLAs, and services without gaining access to them.

Risk Assessment

The organization may be exposed to the disclosure of sensitive information, potentially leading to privacy breaches and data security issues.

Recommendation

It is recommended to update OTRS to version 2026.4.X or newer and review permissions in STORM modules to minimize risk.

Original NVD description (English source)

An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X

Vulnerability data from NVD (NIST) · CISA KEV · EPSS