CVE-2026-48188
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
CVE-2026-48188 describes an improper Input Validation vulnerability in the OTRS database layer module, allowing unauthenticated SQL injection that can lead to authentication bypass. This issue only affects systems where the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode.
Risk Assessment
Organizations using vulnerable versions of OTRS may be at risk of unauthorized access to the system, potentially leading to serious data security breaches.
Recommendation
It is recommended to upgrade OTRS to version 2026.4.X or later and to check the MySQL/MariaDB server configuration to disable the NO_BACKSLASH_ESCAPES mode.
Original NVD description (English source)
An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X * (OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

