Inadequate Access Control in Zammad Helpdesk System by Zammad GmbH
CVE-2026-34248

2.1 LOW

Key Information:

Vendor: Zammad

Status
Vendor
CVE Published: 8 April 2026

What is CVE-2026-34248?

The Zammad helpdesk system, utilized for customer support, was found to have an access control issue that allowed customers from shared organizations to view sensitive fields not intended for them. This included critical attributes such as ticket priorities and custom fields designed for internal use only. The vulnerability arose when a customer accessed tickets from another user within the same organization, leading to potential data leakage. The issue has been addressed in version 7.0.1, ensuring that sensitive information is appropriately restricted.

Affected Version(s)

zammad >= 7.0.0, < 7.0.1

CVSS V4

Score: 2.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
