zammad
Latest CVEs
The 15 most recently published vulnerabilities affecting zammad.
- CVE-2026-34837: Zammad is missing authorization in AI assistance controller for context data used in text tools (score 4.3)
- CVE-2026-34782: Zammad has improper access control in AI assistance controller for text tools (score 4.3)
- CVE-2026-34724: Zammad has a server-side template injection leading to RCE via AI Agent (score 7.2)
- CVE-2026-34723: Zammad has incorrect access control in getting_started_controller (score 7.5)
- CVE-2026-34722: Zammad is missing authorization in ticket create endpoint (score 4.3)
- CVE-2026-34721: Zammad has cross-site request forgery (CSRF) in OAuth callback endpoints (score 6.5)
- CVE-2026-34720: Zammad has an origin validation error in SSO mechanism (score 4.3)
- CVE-2026-34719: Zammad has a server-side request forgery (SSRF) via webhooks (score 4.3)
- CVE-2026-34718: Zammad improperly neutralizes script-related HTML tags in ticket articles (score 6.1)
- CVE-2026-34248: Zammad has an information disclosure in ticket detail view of customers in shared organizations (score 5.7)
- CVE-2025-32360: In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared ... (score 4.2)
- CVE-2025-32359: In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current... (score 4.8)
- CVE-2025-32358: In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint re... (score 4.0)
- CVE-2025-32357: In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for. (score 4.3)
- CVE-2024-55578: Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files. (score 4.3)