Otrs

This hub aggregates every CVE we track for Otrs, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Enterprise Softwareon-premweb app

154

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM99LOW33HIGH21CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Otrs.

CVE-2026-48187Email with special content can lead to DoS5.7Jun 1, 2026
CVE-2026-48188SQL Injection via MySQL Quote Method9.1Jun 1, 2026
CVE-2026-48189Bypass DedicatedAgentToCustomerGroups Setting5.7Jun 1, 2026
CVE-2026-48190Incorrect handling of permissions in External Interface Config Item List module3.5Jun 1, 2026
CVE-2026-48191Wrong Permission Handling in Document Search Article Meta Filters3.5Jun 1, 2026
CVE-2026-48208Denial-of-Service via SVG Rendering in Ticket6.5Jun 1, 2026
CVE-2026-48209Reflected XSS in authenticated agent context7.1Jun 1, 2026
CVE-2026-48210Possible information disclosure via External Interface5.7May 31, 2026
CVE-2026-6060Possible DoS via SQL Box4.5Apr 20, 2026
CVE-2025-24391Possible user enumeration5.3Jul 14, 2025
CVE-2025-24388Unsafe handling of AJAX calls3.8Jun 16, 2025
CVE-2025-24387Missing CSRF protection4.8Mar 10, 2025
CVE-2025-24390Missing Cookie Flags6.8Jan 27, 2025
CVE-2025-24389SMTP Password will be shown in cleartext on some SMTP errors6.3Jan 27, 2025
CVE-2024-43446Improper check of permissions in Generic Interface3.5Jan 27, 2025

Product normalization is registry-driven with AI assist and human review. How it works