Hardcoded Google Maps API Key in Open ISES Tickets Software
CVE-2026-48244

6.9MEDIUM

Key Information:

Vendor

Open Ises

Status
Tickets
Vendor
CVE Published:
21 May 2026

What is CVE-2026-48244?

A security flaw in Open ISES Tickets versions prior to 3.44.2 involves the inclusion of a hardcoded Google Maps API key within the settings.inc.php file. This key has been publicly accessible through the source repository, allowing unauthorized users with read access to extract it. The exposed API key can be exploited to make requests to the Google Maps Platform, resulting in potential financial implications for the original owner whose Google Cloud project is linked to the API key. It's crucial for users of the software to upgrade to version 3.44.2 or later to mitigate this risk.

Affected Version(s)

Tickets 0 < 3.44.2

References

https://github.com/openises/tickets/releases/tag/v3.44.2
release-notes
https://github.com/openises/tickets/commit/ecfeb406a01676...
patch
https://www.vulncheck.com/advisories/open-ises-tickets-ha...
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.