Known Vulnerabilities for products from Otrs

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Otrs".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-48210 json	An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for ...	Not Provided	2026-05-31	2026-06-15
CVE-2026-48209 json	An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authentica...	Not Provided	2026-06-01	2026-06-15
CVE-2026-48208 json		Not Provided	2026-06-01	2026-06-01
CVE-2026-48191 json	An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Fil...	Not Provided	2026-06-01	2026-06-15
CVE-2026-48190 json	An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated custom...	Not Provided	2026-06-01	2026-06-15
CVE-2026-48189 json		Not Provided	2026-06-01	2026-06-01
CVE-2026-48188 json	An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthentic...	Not Provided	2026-06-01	2026-06-15
CVE-2026-48187 json	An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocati...	Not Provided	2026-06-01	2026-06-15
CVE-2026-6060 json		Not Provided	2026-04-20	2026-04-20
CVE-2024-23792 json		6.5 - MEDIUM	2024-01-29	2024-02-02
CVE-2024-23791 json		7.5 - HIGH	2024-01-29	2024-02-02
CVE-2024-23790 json		9.8 - CRITICAL	2024-01-29	2024-02-02
CVE-2023-38060 json	Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operatio...	8.8 - HIGH	2023-07-24	2023-08-31
CVE-2023-38059 json	The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload....	5.3 - MEDIUM	2023-10-16	2023-10-19
CVE-2023-38058 json	An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacke...	4.3 - MEDIUM	2023-07-24	2023-08-01
CVE-2023-38057 json	An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered s...	5.4 - MEDIUM	2023-07-24	2023-08-04
CVE-2023-38056 json	Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using U...	7.2 - HIGH	2023-07-24	2023-08-01
CVE-2023-6254 json	Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using U...	7.5 - HIGH	2023-11-27	2023-12-01
CVE-2023-5422 json	The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based com...	9.1 - CRITICAL	2023-10-16	2023-10-20
CVE-2023-5421 json	An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the Cus...	5.5 - MEDIUM	2023-10-16	2023-10-19

Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Otrs

Type	Vendor	Product	Version
Application	Otrs	Cis In Customer Frontend	7.0.0
Application	Otrs	Faq	2.0.1
Application	Otrs	Frontend	7.0.0
Application	Otrs	Otrs	0.5
Application	Otrs	Otrs Help Desk	3.0.0
Application	Otrs	Otrs Itsm	2.1.0
Application	Otrs	Survey	1.0.10
Application	Otrs	Ticket Forms	6.0.0