CVE-2026-48188: OTRS or OTRS Community Edition SQL Injection Allows Authentication Bypass
CVE-2026-48188
Summary
OTRS and OTRS Community Edition are vulnerable to an unauthenticated SQL injection in the database layer, which could allow an attacker to bypass authentication and access the system. Only systems whose MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode are affected. The issue affects several versions of OTRS and OTRS Community Edition, and products based on the Community Edition are also likely to be affected. To protect your system, update to a fixed version or apply a patch as soon as possible.
Original title
An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue...
Original description
An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode.
This issue affects OTRS:
* 7.0.X
* 8.0.X
* 2023.X
* 2024.X
* 2025.X
* 2026.X before 2026.4.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition are also very likely to be affected.
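To see whether a database server meets the NO_BACKSLASH_ESCAPES precondition described above, the following added example (not code from OTRS or from this advisory) checks a MySQL/MariaDB option file, or the value returned by `SELECT @@GLOBAL.sql_mode;`, for that flag. The sample option files are constructed, and the function names are hypothetical.

```python
import re

FLAG = "NO_BACKSLASH_ESCAPES"
# Option-file groups read by the server (mysqld, plus the MariaDB server groups).
SERVER_GROUPS = {"mysqld", "server", "mariadb", "mariadbd"}

def mode_has_flag(sql_mode):
    """True if a sql_mode value (file entry or SELECT @@GLOBAL.sql_mode) has the flag."""
    modes = {m.strip().upper() for m in sql_mode.strip().strip("'\"").split(",")}
    return FLAG in modes

def sql_mode_from_option_file(text):
    """Return the last sql_mode set in a server group of an option file, or None."""
    group, value = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        if group not in SERVER_GROUPS or "=" not in line:
            continue
        name, _, val = line.partition("=")
        # Dashes and underscores are interchangeable in option names.
        if name.strip().lower().replace("-", "_") == "sql_mode":
            value = val.split("#", 1)[0].strip()   # drop a trailing comment
    return value

def precondition_in_file(option_file_text):
    """True if the file sets NO_BACKSLASH_ESCAPES. False does not prove absence:
    included files and runtime SET statements are not covered by this check."""
    value = sql_mode_from_option_file(option_file_text)
    return value is not None and mode_has_flag(value)

# Constructed sample option files, for illustration only.
SAMPLE_AFFECTED = """[client]
port = 3306
[mysqld]
sql-mode = "STRICT_TRANS_TABLES,NO_BACKSLASH_ESCAPES"
"""
SAMPLE_DEFAULT = """[mysqld]
sql_mode = STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION
"""

if __name__ == "__main__":
    for label, text in (("affected", SAMPLE_AFFECTED), ("default", SAMPLE_DEFAULT)):
        print(label, "->", "precondition met" if precondition_in_file(text) else "flag not set in file")
```

Pass the live value from the server to `mode_has_flag` as well, since the running mode can differ from what the option file sets.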
nvd CVSS3.1
9.1
Vulnerability type
CWE-20
Improper Input Validation
Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 1 Jun 2026