What is CVE-2026-48210?

CVE-2026-48210 is a medium-severity vulnerability in Otrs Ag, classified under Information Disclosure. CVSS score: 5.7/10. Published 2026-05-31.

How severe is CVE-2026-48210?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Privilege escalation in Otrs Ag

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of inter…

Vulnerability class: Information Disclosure

EPSS: 0.000 (1.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N.

Affected products

Otrs Ag — versions 2026.3.1

Weakness classification (CWE)

CWE-200 — Information Disclosure
CWE-269 — Improper Privilege Management

References

security@otrs.com

Frequently asked questions

What is CVE-2026-48210?: CVE-2026-48210 is a medium-severity vulnerability in Otrs Ag, classified under Information Disclosure. CVSS score: 5.7/10. Published 2026-05-31.
How severe is CVE-2026-48210?: Medium severity. CVSS v3 base score is 5.7 out of 10.