Medium severity5.3NVD Advisory· Published Apr 2, 2026· Updated Apr 7, 2026
CVE-2026-26895
CVE-2026-26895
Description
User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- csacyber.com/blog/osticket-timing-vulnerability-understanding-the-risknvdExploitThird Party Advisory
- osticket.comnvdProduct
News mentions
0No linked articles in our index yet.