Zammad — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in Zammad, with AI-generated Chinese analysis, references, and POCs.

Vendor: Zammad GmbH

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34837	Zammad is miissing authorization in AI assistance controller for context data used in text tools CWE-862	7.1^AI	High^AI	2026-04-08
CVE-2026-34782	Zammad has improper access control in AI assistance controller for text tools CWE-862	8.8^AI	High^AI	2026-04-08
CVE-2026-34724	Zammad has a server-side template injection leading to RCE via AI Agent CWE-94	7.2^AI	High^AI	2026-04-08
CVE-2026-34723	Zammad has incorrect access control in getting_started_controller CWE-284	7.5^AI	High^AI	2026-04-08
CVE-2026-34722	Zammad is missing authorization in ticket create endpoint CWE-862	4.3^AI	Medium^AI	2026-04-08
CVE-2026-34721	Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints CWE-352	8.8^AI	High^AI	2026-04-08
CVE-2026-34720	Zammad has an origin validation error in SSO mechanism CWE-346	7.1^AI	High^AI	2026-04-08
CVE-2026-34719	Zammad has a Server-side request forgery (SSRF) via webhooks CWE-918	6.5^AI	Medium^AI	2026-04-08
CVE-2026-34718	Zammad improperly neutralizes of script-related HTML tags in ticket articles CWE-80	5.4^AI	Medium^AI	2026-04-08
CVE-2026-34248	Zammad has an information disclosure in ticket detail view of customers in shared organizations CWE-284	3.5^AI	Low^AI	2026-04-08
CVE-2025-32358	Zammad 安全漏洞 CWE-918	4.0	Medium	2025-04-05
CVE-2025-32359	Zammad 安全漏洞 CWE-602	4.8	Medium	2025-04-05
CVE-2025-32360	Zammad 安全漏洞 CWE-402	4.2	Medium	2025-04-05
CVE-2025-32357	Zammad 安全漏洞 CWE-288	4.3	Medium	2025-04-05
CVE-2019-1010018	Zammad 跨站脚本漏洞 CWE-80	6.1	-	2019-07-16

All 15 known CVE vulnerabilities affecting Zammad with full Chinese analysis, references, and POCs where available.