Vulnerability-Lookup

GHSA-4VHJ-5QC2-97WR

Vulnerability from github – Published: 2026-06-01 06:30 – Updated: 2026-06-01 06:30

Details

This issue affects OTRS:

7.0.X
8.0.X
2023.X
2024.X
2025.X
2026.X before 2026.4.X
(OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition also very likely to be affected

Severity

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-48188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T04:16:22Z",
    "severity": "CRITICAL"
  },
  "details": "An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition\u00a0database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if\u00a0the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode.\n\nThis issue affects OTRS: \n\n  *  7.0.X\n  *  8.0.X\n  *  2023.X\n  *  2024.X\n  *  2025.X\n  *  2026.X before 2026.4.X\n  *  (OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected",
  "id": "GHSA-4vhj-5qc2-97wr",
  "modified": "2026-06-01T06:30:26Z",
  "published": "2026-06-01T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48188"
    },
    {
      "type": "WEB",
      "url": "https://otrs.com/release-notes/otrs-security-advisory-2026-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2026-48188 (GCVE-0-2026-48188)

Vulnerability from cvelistv5 – Published: 2026-06-01 03:33 – Updated: 2026-06-01 13:17

Title

SQL Injection via MySQL Quote Method

Summary

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X * (OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

OTRS

References

1 reference

URL	Tags
https://otrs.com/release-notes/otrs-security-advi…

Impacted products

2 products

Vendor	Product	Version
OTRS AG	OTRS	Affected: 7.0.x Affected: 8.0.x Affected: 2023.x Affected: 2024.x Affected: 2025.x Affected: 2026.x , ≤ 2026.3.x (patch)
OTRS AG	((OTRS)) Community Edition	Affected: 6.x

Date Public

2026-06-01 07:00

Credits

Special thanks to Daniel Triznafor reporting this vulnerability

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48188",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T13:17:22.840595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T13:17:31.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "Database Layer"
          ],
          "product": "OTRS",
          "vendor": "OTRS AG",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.x"
            },
            {
              "status": "affected",
              "version": "8.0.x"
            },
            {
              "status": "affected",
              "version": "2023.x"
            },
            {
              "status": "affected",
              "version": "2024.x"
            },
            {
              "status": "affected",
              "version": "2025.x"
            },
            {
              "lessThanOrEqual": "2026.3.x",
              "status": "affected",
              "version": "2026.x",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "((OTRS)) Community Edition",
          "vendor": "OTRS AG",
          "versions": [
            {
              "status": "affected",
              "version": "6.x"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Special thanks to Daniel Triznafor reporting this vulnerability"
        }
      ],
      "datePublic": "2026-06-01T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition\u0026nbsp;database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if\u0026nbsp;the MySQL/MariaDB server is configured with the \u003ccode\u003eNO_BACKSLASH_ESCAPES\u003c/code\u003e SQL mode.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects OTRS: \u003c/p\u003e\u003cul\u003e\u003cli\u003e7.0.X\u003c/li\u003e\u003cli\u003e8.0.X\u003c/li\u003e\u003cli\u003e2023.X\u003c/li\u003e\u003cli\u003e2024.X\u003c/li\u003e\u003cli\u003e2025.X\u003c/li\u003e\u003cli\u003e2026.X before 2026.4.X\u003c/li\u003e\u003cli\u003e(OTRS)) Community Edition: 6.0.x\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cdiv\u003eProducts based on the ((OTRS)) Community Edition also very likely to be affected\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition\u00a0database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if\u00a0the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode.\n\nThis issue affects OTRS: \n\n  *  7.0.X\n  *  8.0.X\n  *  2023.X\n  *  2024.X\n  *  2025.X\n  *  2026.X before 2026.4.X\n  *  (OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T03:33:15.822Z",
        "orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
        "shortName": "OTRS"
      },
      "references": [
        {
          "url": "https://otrs.com/release-notes/otrs-security-advisory-2026-02/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to OTRS 2026.4.1. or later. Please note that there will be no OTRS 7 patches\u003cbr\u003e"
            }
          ],
          "value": "Update to OTRS 2026.4.1. or later. Please note that there will be no OTRS 7 patches"
        }
      ],
      "source": {
        "advisory": "OSA-2026-02",
        "defect": [
          "Ticket#2026052110000134",
          "Issue#4824",
          "Issue#4859"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "SQL Injection via MySQL Quote Method",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Reconfigure\u0026nbsp;MySQL/MariaDB servernot to use\u0026nbsp;\u003ccode\u003eNO_BACKSLASH_ESCAPES\u003c/code\u003e SQL"
            }
          ],
          "value": "Reconfigure\u00a0MySQL/MariaDB servernot to use\u00a0NO_BACKSLASH_ESCAPES SQL"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8",
    "assignerShortName": "OTRS",
    "cveId": "CVE-2026-48188",
    "datePublished": "2026-06-01T03:33:15.822Z",
    "dateReserved": "2026-05-21T07:53:13.254Z",
    "dateUpdated": "2026-06-01T13:17:31.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-4VHJ-5QC2-97WR

CVE-2026-48188 (GCVE-0-2026-48188)

Tags

Sightings

Nomenclature