CVE-2026-34724— Zammad 安全漏洞
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing Application新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-34724の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Zammad has a server-side template injection leading to RCE via AI Agent
ソース: NVD (National Vulnerability Database)
脆弱性説明
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data (typically high-privilege administrative configuration). This vulnerability is fixed in 7.0.1.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
对生成代码的控制不恰当(代码注入)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Zammad 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Zammad是德国Zammad公司的一套票务管理软件。 Zammad 7.0.1之前版本存在安全漏洞,该漏洞源于存在服务器端模板注入,可能导致通过AI代理实现远程代码执行。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2026-34724の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2026-34724のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · zammad · 2026-04-08 · 10 CVEs total
| CVE-2026-34722 | Zammad is missing authorization in ticket create endpoint | |
| CVE-2026-34837 | Zammad is miissing authorization in AI assistance controller for context data used in text | |
| CVE-2026-34248 | Zammad has an information disclosure in ticket detail view of customers in shared organiza | |
| CVE-2026-34720 | Zammad has an origin validation error in SSO mechanism | |
| CVE-2026-34721 | Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints | |
| CVE-2026-34719 | Zammad has a Server-side request forgery (SSRF) via webhooks | |
| CVE-2026-34718 | Zammad improperly neutralizes of script-related HTML tags in ticket articles | |
| CVE-2026-34782 | Zammad has improper access control in AI assistance controller for text tools | |
| CVE-2026-34723 | Zammad has incorrect access control in getting_started_controller |
IV. 関連脆弱性
同じ製品: zammad
- CVE-2026-34837
Zammad is miissing authorization in AI assistance controller - CVE-2026-34782
Zammad has improper access control in AI assistance controll - CVE-2026-34723
Zammad has incorrect access control in getting_started_contr - CVE-2026-34722
Zammad is missing authorization in ticket create endpoint - CVE-2026-34721
Zammad has Cross-site request forgery (CSRF) in OAuth callba
同じベンダー: zammad
- CVE-2026-34837
Zammad is miissing authorization in AI assistance controller - CVE-2026-34782
Zammad has improper access control in AI assistance controll - CVE-2026-34723
Zammad has incorrect access control in getting_started_contr - CVE-2026-34722
Zammad is missing authorization in ticket create endpoint - CVE-2026-34721
Zammad has Cross-site request forgery (CSRF) in OAuth callba
同じ弱点: CWE-94
- CVE-2022-50972
WooCommerce 7.1.0 Remote Code Execution via class-wc-meta-bo - CVE-2026-54816
WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execut - CVE-2026-40783
WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Co - CVE-2026-25470
WordPress ACPT (Pro) - Custom Post Types plugin for WordPres - CVE-2026-49113
WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execut
V. CVE-2026-34724へのコメント
まだコメントはありません