PT-2026-31413 · Zammad · Zammad
Published: 2026-04-08 · Updated: 2026-04-09 · CVE-2026-34248
CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zammad versions prior to 7.0.1
Description
Zammad is a web-based open source helpdesk/customer support system. In shared organizations, customers could view fields not intended for customer access, including fields restricted to internal use (e.g., priority, custom ticket attributes). This occurred when a customer opened a ticket on behalf of another user within the same shared organization. Customers could view these fields but could not modify them.
Recommendations
Update to version 7.0.1 or later.
Fix
Improper Access Control
Affected Products
Zammad