PT-2026-45263 · Otrs+1 · Otrs+1
Published
2026-06-01
·
Updated
2026-06-01
·
CVE-2026-48191
CVSS v3.1
3.5
Low
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OTRS with STORM modules versions 7.0.x
OTRS with STORM modules versions 8.0.x
OTRS with STORM modules versions 2023.x
OTRS with STORM modules versions 2024.x
OTRS with STORM modules versions 2025.x
OTRS with STORM modules versions prior to 2026.4.x
Description
Incorrect handling of permissions in the Document Search Article Meta Filters modules allows an attacker to obtain information regarding the number of affected Configuration Items (CIs), Service Level Agreements (SLA), and services without having the required access permissions.
Recommendations
Update OTRS with STORM modules versions 7.0.x to a secure version.
Update OTRS with STORM modules versions 8.0.x to a secure version.
Update OTRS with STORM modules versions 2023.x to a secure version.
Update OTRS with STORM modules versions 2024.x to a secure version.
Update OTRS with STORM modules versions 2025.x to a secure version.
Update OTRS with STORM modules to version 2026.4.x or later.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Otrs
Storm