What is CVE-2026-48244?

CVE-2026-48244 is a medium-severity vulnerability in Open Ises Tickets, classified under Use of Hard-coded Credentials. CVSS score: 5.3/10. Published 2026-05-21.

How severe is CVE-2026-48244?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Open Ises Tickets

CVE-2026-48244

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Pl…

EPSS: 0.000 (11.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Open Ises Tickets — versions 0

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

disclosure@vulncheck.com (release-notes)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-48244?: CVE-2026-48244 is a medium-severity vulnerability in Open Ises Tickets, classified under Use of Hard-coded Credentials. CVSS score: 5.3/10. Published 2026-05-21.
How severe is CVE-2026-48244?: Medium severity. CVSS v3 base score is 5.3 out of 10.