← Volver a CVEs
CVE-2026-34248
MEDIUM5.7
Descripcion
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (means they can see each other's tickets) could see fields which are not intended for customers - including fields not intended for them at all (e.g. priority, custom ticket attributes for internal purposes). This was the case when a customer opened a ticket from another user of the same shared organization. They are not able to modify these field. This vulnerability is fixed in 7.0.1.
Detalles CVE
Puntuacion CVSS v3.15.7
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado4/8/2026
Ultima modificacion4/17/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
zammad:zammad
Debilidades (CWE)
CWE-284
Referencias
https://github.com/zammad/zammad/security/advisories/GHSA-prww-84vh-w978(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.