CVE-2026-48210
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
31/05/2026
Last modified:
15/06/2026
Description
An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend<br />
<br />
This issue affects OTRS 2026.3.1
Impact
Base Score 3.x
5.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:otrs:otrs:2026.3.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



