PT-2026-45261 · Otrs · Otrs

Published: 2026-06-01 · Updated: 2026-06-01 · CVE-2026-48189

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OTRS versions 7.0.x
OTRS versions 8.0.x
OTRS versions 2023.x
OTRS versions 2024.x
OTRS versions 2025.x
OTRS versions prior to 2026.4.x

Description

Improper input validation in the Customer Backend module allows unauthorized access to customer information restricted to other groups. This issue occurs when the specific feature is enabled and CustomerGroupSupport is utilized.

Recommendations

Update OTRS versions 7.0.x, 8.0.x, 2023.x, 2024.x, and 2025.x to a version containing the fix. Update OTRS versions prior to 2026.4.x to version 2026.4.x or later. As a temporary mitigation, disable the Customer Backend feature or restrict the use of CustomerGroupSupport.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2026-48189

Affected Products

Otrs