CVE-2026-48187
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Summary
An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS:
- 8.0.X
- 2023.X
- 2024.X
- 2025.X
- 2026.X before 2026.4.X
Please note that ((OTRS)) Community Edition 6.x, OTRS 7.x and products based on the ((OTRS)) Community Edition also very likely to be affected
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OTRS AG | OTRS | 7.0.x | unknown |
| OTRS AG | OTRS | 8.0.x | affected |
| OTRS AG | OTRS | 2023.x | affected |
| OTRS AG | OTRS | 2024.x | affected |
| OTRS AG | OTRS | 2025.x | affected |
| OTRS AG | OTRS | 2026.x <= 2026.3.x | affected |
| OTRS AG | ((OTRS)) Community Edition | 6.x | unknown |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
- CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.