PT-2026-42526 · Unknown · Open Ises Tickets

Published: 2026-05-21 · Updated: 2026-05-21 · CVE-2026-48248

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Open ISES Tickets versions prior to 3.44.2

Description

The software disables TLS certificate verification in the file incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false and failing to set CURLOPT_SSL_VERIFYHOST during outbound HTTPS requests in the login and authentication flow. This allows an attacker positioned on the network path between the server and the remote endpoint to present a forged certificate to intercept, monitor, or modify requests and responses, including session-bearing data or API keys in transit.

Recommendations

Update to version 3.44.2.
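
To check other PHP code for the pattern described above, the following scanner flags cURL calls that turn off CURLOPT_SSL_VERIFYPEER or set CURLOPT_SSL_VERIFYHOST to anything other than 2. It is an added example, not code from Open ISES Tickets or from this advisory; the function name scan_php and both PHP samples are constructed for illustration.

```python
import re

# Matches curl_setopt($ch, CURLOPT_X, v) and the CURLOPT_X => v array form.
OPTION_RE = re.compile(
    r"\b(CURLOPT_SSL_VERIFY(?:PEER|HOST))\s*(?:,|=>)\s*([^\s,;)\]]+)"
)
DISABLED = {"false", "0", "'0'", '"0"', "null"}


def scan_php(source):
    """Return (line_no, option, value, reason) findings for PHP source text."""
    findings, uses_curl, host_set = [], False, False
    for line_no, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip whole-line comments
        uses_curl = uses_curl or "curl_init" in line
        for option, raw in OPTION_RE.findall(line):
            if option.endswith("PEER") and raw.lower() in DISABLED:
                findings.append((line_no, option, raw, "peer certificate not verified"))
            elif option.endswith("HOST"):
                host_set = True
                if raw != "2":
                    findings.append((line_no, option, raw, "hostname check not set to 2"))
    if uses_curl and not host_set:
        # The advisory lists the unset option as part of the finding.
        findings.append((0, "CURLOPT_SSL_VERIFYHOST", "", "never set explicitly"))
    return findings


# Constructed sample of the pattern the advisory describes (not the project's code).
WEAK_PHP = """<?php
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$body = curl_exec($ch);
"""

# Constructed sample with both checks enabled explicitly.
STRICT_PHP = """<?php
$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
]);
$body = curl_exec($ch);
"""

if __name__ == "__main__":
    for name, src in (("weak", WEAK_PHP), ("strict", STRICT_PHP)):
        print(name, scan_php(src))
```

A finding with line number 0 applies to the file as a whole; values passed through a PHP variable are not resolved and need manual review.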

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2026-48248

Affected Products

Open Ises Tickets