CVE-2026-48189— Bypass DedicatedAgentToCustomerGroups Setting
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48189
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bypass DedicatedAgentToCustomerGroups Setting
Source: NVD (National Vulnerability Database)
Vulnerability Description
An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-48189
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-48189
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-48189 (1)
Same Patch Batch · OTRS AG · 2026-06-01 · 7 CVEs total
| CVE-2026-48188 | 9.1 CRITICAL | SQL Injection via MySQL Quote Method |
| CVE-2026-48209 | 7.1 HIGH | Reflected XSS in authenticated agent context |
| CVE-2026-48208 | 6.5 MEDIUM | Denial-of-Service via SVG Rendering in Ticket |
| CVE-2026-48187 | 5.7 MEDIUM | Email with special content can lead to DoS |
| CVE-2026-48191 | 3.5 LOW | Wrong Permission Handling in Document Search Article Meta Filters |
| CVE-2026-48190 | 3.5 LOW | Incorrect handling of permissions in External Interface Config Item List module |
IV. Related Vulnerabilities
Same product: OTRS
- CVE-2026-48187
Email with special content can lead to DoS - CVE-2026-48188
SQL Injection via MySQL Quote Method - CVE-2026-48190
Incorrect handling of permissions in External Interface Conf - CVE-2026-48191
Wrong Permission Handling in Document Search Article Meta Fi - CVE-2026-48208
Denial-of-Service via SVG Rendering in Ticket
Same vendor: OTRS AG
- CVE-2026-48187
Email with special content can lead to DoS - CVE-2026-48188
SQL Injection via MySQL Quote Method - CVE-2026-48190
Incorrect handling of permissions in External Interface Conf - CVE-2026-48191
Wrong Permission Handling in Document Search Article Meta Fi - CVE-2026-48208
Denial-of-Service via SVG Rendering in Ticket
Same weakness: CWE-200
- CVE-2026-42360
Apache Airflow: Rendered template truncation bypasses nested - CVE-2026-42358
Apache Airflow: Variable masker depth-limit bypass returns c - CVE-2026-45192
Apache Airflow: Incomplete Redaction of Sensitive Fields in - CVE-2026-48210
Possible information disclosure via External Interface - CVE-2026-2128
Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitiv
V. Comments for CVE-2026-48189
No comments yet