CVE Catalog

CVE-2026-48210

MediumCVSS 5.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend.

Risk Assessment

The organization may be exposed to the disclosure of sensitive ticket information to customers, potentially leading to privacy breaches and data security issues.

Recommendation

It is recommended to review and adjust the OTRS configuration to allow users to disable the “Is visible for customer” flag and to update the system to the latest version to minimize risk.

Original NVD description (English source)

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue affects OTRS 2026.3.1

Vulnerability data from NVD (NIST) · CISA KEV · EPSS