CVE-2026-48189

{"id": "CVE-2026-48189", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@otrs.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2026-06-01T04:16:22.723", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2026-03/", "tags": ["Vendor Advisory"], "source": "security@otrs.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@otrs.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and\u00a0CustomerGroupSupport\u00a0has to be used to be affected.\n\nThis issue affects OTRS: \n\n * 7.0.X\n * 8.0.X\n * 2023.X\n * 2024.X\n * 2025.X\n * 2026.X before 2026.4.X"}], "lastModified": "2026-06-15T12:45:43.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "650E99BF-9E05-496F-BD59-5542A95FD221", "versionEndIncluding": "8.0.37", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "476B2F02-24EA-43BB-BEA8-282D7D71B386", "versionEndExcluding": "2026.4.1", "versionStartIncluding": "2023.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@otrs.com"}