CVE-2026-48210

CVSS v3.1

5.7

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend

This issue affects OTRS 2026.3.1

Fix

Improper Privilege Management

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-200

Related Identifiers

CVE-2026-48210

Affected Products

Otrs

CVE-2026-48210

Weakness Enumeration

Related Identifiers

Affected Products

References · 2