Improper Privilege Management in Zammad Helpdesk System
CVE-2026-34782

5.3 MEDIUM

Key Information:

Vendor: Zammad

Status
Vendor
CVE Published: 8 April 2026

What is CVE-2026-34782?

The Zammad Helpdesk System does not enforce proper user privilege checks on the REST API endpoint POST /api/v1/ai_assistance/text_tools/:id. As a result, unauthorized users can access and use the text tools functionality, which poses a risk of misuse. Versions 7.0.1 and 6.5.4 address the issue, which underscores the importance of verifying that users hold appropriate privileges before they can reach sensitive API functions.

Affected Version(s)

zammad >= 7.0.0, < 7.0.1

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
