Low severity3.5NVD Advisory· Published Jun 1, 2026· Updated Jun 15, 2026
CVE-2026-48191
CVE-2026-48191
Description
An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them.
This issue affects OTRS with STORM modules:
- 7.0.X
- 8.0.X
- 2023.X
- 2024.X
- 2025.X
- 2026.X before 2026.4.X
Affected products
1- Range: 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, 2026.X before 2026.4.X
Patches
Vulnerability mechanics
References
1- otrs.com/release-notes/otrs-security-advisory-2026-05/nvdVendor Advisory
News mentions
0No linked articles in our index yet.