Hardcoded Google Maps API Key Vulnerability in Open ISES Tickets by Open ISES
CVE-2026-48245

6.9MEDIUM

Key Information:

Vendor

Open Ises

Status
Tickets
Vendor
CVE Published:
21 May 2026

What is CVE-2026-48245?

The Open ISES Tickets application prior to version 3.44.2 contains a hardcoded Google Maps API key within its tables.php file. This key can be easily extracted by any individual with read access to the public source repository, allowing unauthorized use of Google's services and potentially leading to unexpected charges on the owner’s Google Cloud account. Users are advised to upgrade to the latest version to mitigate this security risk.

Affected Version(s)

Tickets 0 < 3.44.2

References

https://github.com/openises/tickets/releases/tag/v3.44.2
release-notes
https://github.com/openises/tickets/commit/ecfeb406a01676...
patch
https://www.vulncheck.com/advisories/open-ises-tickets-ha...
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.