PT-2026-2291

Naveen Sunkavally · Published 2026-01-12 · Updated 2026-03-01 · CVE-2026-22200

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Enhancesoft osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3

Description: osTicket contains an arbitrary file read issue in the ticket PDF export functionality. A remote attacker can submit a ticket whose rich-text HTML contains PHP filter expressions that are not properly sanitized before the content is processed by the mPDF PDF generator. When the ticket is exported to PDF, the contents of attacker-selected files from the server filesystem are embedded in the document as bitmap images, disclosing local files readable within the osTicket application user's context. The issue is exploitable in default configurations where guests can create tickets and access ticket status, or when self-registration is enabled. It can lead to the disclosure of sensitive configuration data, including database credentials and secret keys.

Recommendations: Update osTicket 1.17.x installations to version 1.17.7 or later, and 1.18.x installations to version 1.18.3 or later.

Exploit · Fix · RCE · Special Elements Injection

Weakness Enumeration

Related Identifiers: CVE-2026-22200

Affected Products: mPDF, osTicket