Possible information disclosure via External Interface_CVE-2026-48210

5.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Description

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend

This issue affects OTRS 2026.3.1

Basic Information

ID CVE-2026-48210

Source OTRS

Published May 31, 2026 at 21:11

Affected Product

Vendor OTRS AG

Product OTRS

Version 2026.3.1

Affected Versions OTRS AG OTRS 2026.3.1

CWE Classification

CWE-200 CWE-269

References

otrs.com /release-notes/otrs-security-advisory-2026-09/

{
    "lastseen": "",
    "description": "An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the \u201cIs visible for customer\u201d flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend\n\nThis issue affects OTRS 2026.3.1",
    "published": "2026-05-31T21:11:25.337Z",
    "modified": "2026-05-31T21:11:25.337Z",
    "type": "cve",
    "title": "Possible information disclosure via External Interface",
    "source": "OTRS",
    "references": "https://otrs.com/release-notes/otrs-security-advisory-2026-09/",
    "id": "CVE-2026-48210",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "OTRS AG OTRS 2026.3.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OTRS",
    "version": "2026.3.1",
    "vendor": "OTRS AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}