VYPR
Medium severity5.9NVD Advisory· Published May 21, 2026· Updated May 21, 2026

CVE-2026-48246

CVE-2026-48246

Description

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openises/Ticketsreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <3.44.2

Patches

Vulnerability mechanics

References

3

News mentions

1