Possible DoS via SQL Box_CVE-2026-6060

4.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Description

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS:

* 7.0.X
* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.3.X

Basic Information

ID CVE-2026-6060

Source OTRS

Published Apr 20, 2026 at 18:20

Affected Product

Vendor OTRS AG

Product OTRS

Version 7.0.x

Affected Versions OTRS AG OTRS 7.0.x
OTRS AG OTRS 8.0.x
OTRS AG OTRS 2023.x
OTRS AG OTRS 2024.x
OTRS AG OTRS 2025.x
OTRS AG OTRS 2026.x

CWE Classification

CWE-400 CWE-770

References

otrs.com /release-notes/otrs-security-advisory-2026-01/

{
    "lastseen": "",
    "description": "A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS:\u00a0\n\n  *  7.0.X\n  *  8.0.X\n  *  2023.X\n  *  2024.X\n  *  2025.X\n  *  2026.X before 2026.3.X",
    "published": "2026-04-20T18:20:01.664Z",
    "modified": "2026-04-20T18:20:01.664Z",
    "type": "cve",
    "title": "Possible DoS via SQL Box",
    "source": "OTRS",
    "references": "https://otrs.com/release-notes/otrs-security-advisory-2026-01/",
    "id": "CVE-2026-6060",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400",
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "OTRS AG OTRS 7.0.x\nOTRS AG OTRS 8.0.x\nOTRS AG OTRS 2023.x\nOTRS AG OTRS 2024.x\nOTRS AG OTRS 2025.x\nOTRS AG OTRS 2026.x",
    "sourceHref": "",
    "cvss": {
        "score": 4.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OTRS",
    "version": "7.0.x",
    "vendor": "OTRS AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}