CVE-2026-48191
3.5 LOWAn incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules...
Published: 2026-06-01 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 3.5 LOW
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- CWE
- CWE-276
Description
An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-49157 — Incorrect Default Permissions vulnerability in Apache ActiveMQ (8.8 HIGH)
- CVE-2026-48190 — An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query ... (3.5 LOW)
- CVE-2026-33590 — Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level cod...
- CVE-2026-49237 — An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199 (7.8 HIGH)
- CVE-2026-44469 — The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative instal... (7.8 HIGH)