CVE-2026-6060

Summary

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 

  • 7.0.X
  • 8.0.X
  • 2023.X
  • 2024.X
  • 2025.X
  • 2026.X before 2026.3.X

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRS7.0.xaffected
OTRS AGOTRS8.0.xaffected
OTRS AGOTRS2023.xaffected
OTRS AGOTRS2024.xaffected
OTRS AGOTRS2025.xaffected
OTRS AGOTRS2026.x <= 2026.2.xaffected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption
  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

Workarounds

Remove SQL Box from Admin Interface via System Configuration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References