What is CVE-2026-48191?

CVE-2026-48191 is a low-severity vulnerability in Otrs Ag, classified under Incorrect Default Permissions. CVSS score: 3.5/10. Published 2026-06-01.

How severe is CVE-2026-48191?

Low severity. CVSS v3 base score is 3.5 out of 10.

Vulnerability in Otrs Ag

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to the…

EPSS: 0.000 (5.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N.

Affected products

Otrs Ag — versions 7.0.x, 8.0.x, 2023.x

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

security@otrs.com

Frequently asked questions

What is CVE-2026-48191?: CVE-2026-48191 is a low-severity vulnerability in Otrs Ag, classified under Incorrect Default Permissions. CVSS score: 3.5/10. Published 2026-06-01.
How severe is CVE-2026-48191?: Low severity. CVSS v3 base score is 3.5 out of 10.