Vulnerabilities in Zammad
14 results

CVE-2026-34723 | HIGH | Zammad has incorrect access control in getting_started_controller | EPSS 0.4%
CVE-2026-34724 | HIGH | Zammad has a server-side template injection leading to RCE via AI Agent | EPSS 0.3%
CVE-2026-34719 | HIGH | Zammad has a Server-side request forgery (SSRF) via webhooks | EPSS 0.2%
CVE-2025-32359 | MEDIUM | In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication config | EPSS 0.2%
CVE-2025-32358 | MEDIUM | In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests | EPSS 0.2%
CVE-2025-32357 | MEDIUM | In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base | EPSS 0.2%
CVE-2025-32360 | MEDIUM | In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a | EPSS 0.2%
CVE-2026-34248 | LOW | Zammad has an information disclosure in ticket detail view of customers in shared organizations | EPSS 0.2%
CVE-2026-34837 | MEDIUM | Zammad is missing authorization in AI assistance controller for context data used in text tools | EPSS 0.2%
CVE-2026-34782 | MEDIUM | Zammad has improper access control in AI assistance controller for text tools | EPSS 0.2%
CVE-2026-34722 | MEDIUM | Zammad is missing authorization in ticket create endpoint | EPSS 0.2%
CVE-2026-34718 | MEDIUM | Zammad improperly neutralizes script-related HTML tags in ticket articles | EPSS 0.1%
CVE-2026-34721 | MEDIUM | Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints | EPSS 0.1%
CVE-2026-34720 | LOW | Zammad has an origin validation error in SSO mechanism | EPSS 0.1%