Email with special content can lead to DoS_CVE-2026-48187

5.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Description

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS:

* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X

Please note that ((OTRS)) Community Edition 6.x, OTRS 7.x and products based on the ((OTRS)) Community Edition also very likely to be affected

Basic Information

ID CVE-2026-48187

Source OTRS

Published Jun 1, 2026 at 03:33

Affected Product

Vendor OTRS AG

Product OTRS

Version 7.0.x

Affected Versions OTRS AG OTRS 8.0.x
OTRS AG OTRS 2023.x
OTRS AG OTRS 2024.x
OTRS AG OTRS 2025.x
OTRS AG OTRS 2026.x

CWE Classification

CWE-400 CWE-770

References

otrs.com /release-notes/otrs-security-advisory-2026-06/

{
    "lastseen": "",
    "description": "An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS:\n\n  *  8.0.X\n  *  2023.X\n  *  2024.X\n  *  2025.X\n  *  2026.X before 2026.4.X\n\nPlease note that ((OTRS)) Community Edition 6.x, OTRS 7.x and products based on the ((OTRS)) Community Edition also very likely to be affected",
    "published": "2026-06-01T03:33:23.990Z",
    "modified": "2026-06-01T03:33:23.990Z",
    "type": "cve",
    "title": "Email with special content can lead to DoS",
    "source": "OTRS",
    "references": "https://otrs.com/release-notes/otrs-security-advisory-2026-06/",
    "id": "CVE-2026-48187",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400",
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "OTRS AG OTRS 8.0.x\nOTRS AG OTRS 2023.x\nOTRS AG OTRS 2024.x\nOTRS AG OTRS 2025.x\nOTRS AG OTRS 2026.x",
    "sourceHref": "",
    "cvss": {
        "score": 5.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OTRS",
    "version": "7.0.x",
    "vendor": "OTRS AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}