PT-2026-31421 · Zammad · Zammad

Published 2026-04-08 · Updated 2026-04-09 · CVE-2026-34724

CVSS v4.0: 8.7 High

Vector: AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Zammad versions prior to 7.0.1

Description

Zammad is a web-based open-source helpdesk/customer support system. A server-side template injection vulnerability exists via the AI Agent, potentially leading to Remote Code Execution (RCE). The impact is limited to environments where an attacker can control or influence the type enrichment data variable, typically within high-privilege administrative configurations. Approximately 5,400 systems are publicly indexed.

Recommendations

Update to version 7.0.1 or later.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-34724

Affected Products

Zammad