PT-2026-29802 · Undefined · Undefined

Ruben Ferreira

·

Published

2026-04-02

·

Updated

2026-04-02

·

CVE-2026-26895

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

CVE-2026-26895

Affected Products

Undefined