← back
CVE-2026-34722

Zammad is missing authorization in ticket create endpoint

CVSS 6.9 MEDIUMEPSS 0.2%CWE-862
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
zammad · zammad

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/zammad/zammad/security/advisories/GHSA-28m3-wwgv-ppw8