What is CVE-2026-48188?

CVE-2026-48188 is a critical-severity vulnerability in Otrs Ag, classified under Improper Input Validation. CVSS score: 9.1/10. Published 2026-06-01.

How severe is CVE-2026-48188?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2026-48188 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Otrs Ag

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/Mari…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (22.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Otrs Ag — versions 7.0.x, 8.0.x, 2023.x
Otrs Ag ((Otrs)) Community Edition — versions 6.x

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

Habuon/CVE-2026-48188

References

security@otrs.com

Frequently asked questions

What is CVE-2026-48188?: CVE-2026-48188 is a critical-severity vulnerability in Otrs Ag, classified under Improper Input Validation. CVSS score: 9.1/10. Published 2026-06-01.
How severe is CVE-2026-48188?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2026-48188 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.