What is CVE-2026-48243?

CVE-2026-48243 is a medium-severity vulnerability in Open Ises Tickets, classified under Use of Hard-coded Credentials. CVSS score: 5.3/10. Published 2026-05-21.

How severe is CVE-2026-48243?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Open Ises Tickets

CVE-2026-48243

Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can extract the key and use it to make third-pa…

EPSS: 0.000 (11.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Open Ises Tickets — versions 0

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

disclosure@vulncheck.com (release-notes)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-48243?: CVE-2026-48243 is a medium-severity vulnerability in Open Ises Tickets, classified under Use of Hard-coded Credentials. CVSS score: 5.3/10. Published 2026-05-21.
How severe is CVE-2026-48243?: Medium severity. CVSS v3 base score is 5.3 out of 10.