What is CVE-2026-48190?

CVE-2026-48190 is a low-severity vulnerability in Otrs Ag, classified under Incorrect Default Permissions. CVSS score: 3.5/10. Published 2026-06-01.

How severe is CVE-2026-48190?

Low severity. CVSS v3 base score is 3.5 out of 10.

Vulnerability in Otrs Ag

CVE-2026-48190

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to…

EPSS: 0.000 (5.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N.

Affected products

Otrs Ag — versions 7.0.x, 8.0.x, 2023.x

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

security@otrs.com

Frequently asked questions

What is CVE-2026-48190?: CVE-2026-48190 is a low-severity vulnerability in Otrs Ag, classified under Incorrect Default Permissions. CVSS score: 3.5/10. Published 2026-06-01.
How severe is CVE-2026-48190?: Low severity. CVSS v3 base score is 3.5 out of 10.