CVE-2026-48247

Name of the Vulnerable Software and Affected Versions Open ISES Tickets versions prior to 3.44.2

Description TLS certificate verification is disabled in the file incs/functions.inc.php by setting the CURLOPT SSL VERIFYPEER variable to false and failing to set CURLOPT SSL VERIFYHOST during general-purpose outbound HTTPS requests issued by shared helper functions. This allows an attacker positioned on the network path between the server and the remote endpoint to present a forged certificate to intercept, monitor, or modify requests and responses, including session-bearing data or API keys in transit.

Recommendations Update to version 3.44.2.