Hardcoded API Key Vulnerability in Open ISES Tickets by Open ISES
CVE-2026-48243

6.9 MEDIUM

Key Information:

Vendor: Open Ises

Status
Vendor
CVE Published: 21 May 2026

What is CVE-2026-48243?

Open ISES Tickets prior to version 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in the wp1.php file. The key was unintentionally included in a public source repository, so anyone with read access to that repository can extract it and make unauthorized API calls, which could lead to unexpected charges or rate limiting on the original owner's WhitePages account. Upgrading to version 3.44.2 or later is recommended to mitigate this risk.

Affected Version(s)

Tickets: 0 to < 3.44.2

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
