What is CVE-2026-48189?

CVE-2026-48189 is a medium-severity vulnerability in Otrs Ag, classified under Information Disclosure. CVSS score: 5.7/10. Published 2026-06-01.

How severe is CVE-2026-48189?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Information disclosure in Otrs Ag

CVE-2026-48189

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used t…

Vulnerability class: Information Disclosure

EPSS: 0.000 (9.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N.

Affected products

Otrs Ag — versions 7.0.x, 8.0.x, 2023.x

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

security@otrs.com

Frequently asked questions

What is CVE-2026-48189?: CVE-2026-48189 is a medium-severity vulnerability in Otrs Ag, classified under Information Disclosure. CVSS score: 5.7/10. Published 2026-06-01.
How severe is CVE-2026-48189?: Medium severity. CVSS v3 base score is 5.7 out of 10.