Vulnerability in Zammad

CVE-2026-34248

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (means they can see each other's tickets) could see fields which are not intended for customers - including fields not in…

EPSS: 0.000 (10.7th percentile) — read the EPSS interpretation.

Affected products

Zammad — versions >= 7.0.0, < 7.0.1

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

https://github.com/zammad/zammad/security/advisories/GHSA-prww-84vh-w978 (x_refsource_CONFIRM)