Improper Input Validation in OTRS Customer Backend Module
CVE-2026-48189

5.7MEDIUM

Key Information:

Vendor: Otrs Ag
Status: Otrs
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-48189?

An improper Input Validation vulnerability exists in the OTRS Customer Backend module, which can lead to unauthorized access to customer information that should be restricted to specific user groups. This issue manifests when the CustomerGroupSupport feature is enabled, potentially compromising sensitive data for users across different groups. Organizations utilizing impacted versions must take immediate action to safeguard against this risk.

Affected Version(s)

OTRS 7.0.x

OTRS 8.0.x

References

https://otrs.com/release-notes/otrs-security-advisory-202...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
May 21, 2026

CVE-2026-48189 Data

JSON

Otrs Ag

What is CVE-2026-48189?

Affected Version(s)

References

CVSS V3.1

Timeline