CVE-2026-48189
MediumCVSS 5.7Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
An improper Input Validation vulnerability in the OTRS Customer Backend module allows access to customer information that is restricted to other groups. Note that the feature must be enabled and CustomerGroupSupport must be used to be affected.
Risk Assessment
The organization may be exposed to unauthorized access to sensitive customer information, potentially leading to privacy breaches and loss of customer trust.
Recommendation
It is recommended to disable the feature if not needed and to update OTRS to version 2026.4.X or later to mitigate this vulnerability.
Original NVD description (English source)
An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X

