Zammad: All CVEs (VYPR vendor CVE listing)

90 total · sorted by risk
  • CVE-2017-6080 · Critical · Mar 13, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users…

  • CVE-2017-5619 · Critical · Mar 13, 2017
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.

  • CVE-2017-6081 · High · Mar 13, 2017
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.

  • CVE-2026-34724 · High · Apr 8, 2026
    risk 0.47 · CVSS 7.2 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data…

  • CVE-2026-34723 · High · Apr 8, 2026
    risk 0.42 · CVSS 7.5 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This…

  • CVE-2018-1000154 · Medium · Apr 5, 2018
    risk 0.40 · CVSS 6.1 · EPSS 0.02

    Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails, which are not HTML-quoted in certain cases. This can result in the embedding and execution of JavaScript…

  • CVE-2017-5621 · Medium · Mar 13, 2017
    risk 0.40 · CVSS 6.1 · EPSS 0.01

    An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.

  • CVE-2017-5620 · Medium · Mar 13, 2017
    risk 0.40 · CVSS 6.1 · EPSS 0.01

    An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.

  • CVE-2026-34248 · Medium · Apr 8, 2026
    risk 0.37 · CVSS 5.7 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (meaning they can see each other's tickets) could see fields which are not intended for customers, including fields not intended for them at all (e.g. priority,…

  • CVE-2026-34721 · Medium · Apr 8, 2026
    risk 0.35 · CVSS 6.5 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4.

  • CVE-2026-34718 · Medium · Apr 8, 2026
    risk 0.33 · CVSS 6.1 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization of data: ... URI schemes, resulting in storing such malicious content in the database of the Zammad instance. The…

  • CVE-2026-34837 · Medium · Apr 8, 2026
    risk 0.21 · CVSS 4.3 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/ai_assistance/text_tools/:id contains an authorization failure. Context data (e.g., a group or organization) supplied to be used in the AI prompt were not checked if…

  • CVE-2026-34782 · Medium · Apr 8, 2026
    risk 0.21 · CVSS 4.3 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/ai_assistance/text_tools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This…

  • CVE-2026-34722 · Medium · Apr 8, 2026
    risk 0.21 · CVSS 4.3 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4.

  • CVE-2026-34720 · Medium · Apr 8, 2026
    risk 0.21 · CVSS 4.3 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and…

  • CVE-2026-34719 · Medium · Apr 8, 2026
    risk 0.21 · CVSS 4.3 · EPSS 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing proper validation for loopback addresses or link-local addresses; only the URL scheme (HTTP/HTTPS) and the hostname were checked. This could…

  • CVE-2025-32360 · Apr 5, 2025
    risk 0.00 · CVSS n/a · EPSS 0.00

    In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain…

  • CVE-2025-32357 · Apr 5, 2025
    risk 0.00 · CVSS n/a · EPSS 0.00

    In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.

  • CVE-2025-32359 · Apr 5, 2025
    risk 0.00 · CVSS n/a · EPSS 0.00

    In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end…

  • CVE-2025-32358 · Apr 5, 2025
    risk 0.00 · CVSS n/a · EPSS 0.00

    In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET…

  • CVE-2024-55578 · Dec 9, 2024
    risk 0.00 · CVSS n/a · EPSS 0.00

    Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.

  • CVE-2024-36078 · May 19, 2024
    risk 0.00 · CVSS n/a · EPSS 0.00

    In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the…

  • CVE-2024-33666 · Apr 26, 2024
    risk 0.00 · CVSS n/a · EPSS 0.01

    An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents.

  • CVE-2024-33667 · Apr 26, 2024
    risk 0.00 · CVSS n/a · EPSS 0.01

    An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist.

  • CVE-2024-33668 · Apr 26, 2024
    risk 0.00 · CVSS n/a · EPSS 0.00

    An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to.

  • CVE-2023-50454 · Dec 10, 2023
    risk 0.00 · CVSS n/a · EPSS 0.00

    An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.

  • CVE-2023-50456 · Dec 10, 2023
    risk 0.00 · CVSS n/a · EPSS 0.00

    An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.

  • CVE-2023-50455 · Dec 10, 2023
    risk 0.00 · CVSS n/a · EPSS 0.01

    An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).

  • CVE-2023-50453 · Dec 10, 2023
    risk 0.00 · CVSS n/a · EPSS 0.01

    An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.

  • CVE-2023-50457 · Dec 10, 2023
    risk 0.00 · CVSS n/a · EPSS 0.00

    An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.

  • CVE-2023-31597 · May 18, 2023
    risk 0.00 · CVSS n/a · EPSS 0.00

    An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.

  • CVE-2023-29867 · May 2, 2023
    risk 0.00 · CVSS n/a · EPSS 0.00

    Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.

  • CVE-2023-29868 · May 2, 2023
    risk 0.00 · CVSS n/a · EPSS 0.01

    Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.

  • CVE-2022-48022 · Feb 3, 2023
    risk 0.00 · CVSS n/a · EPSS 0.01

    An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see.

  • CVE-2022-48023 · Feb 3, 2023
    risk 0.00 · CVSS n/a · EPSS 0.00

    Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.

  • CVE-2022-48021 · Feb 3, 2023
    risk 0.00 · CVSS n/a · EPSS 0.01

    A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server.

  • CVE-2022-40816 · Sep 27, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in…

  • CVE-2022-40817 · Sep 27, 2022
    risk 0.00 · CVSS n/a · EPSS 0.00

    Zammad 5.2.1 has a fine-grained permission model that allows configuring read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags, and related answers. This issue has been fixed in…

  • CVE-2022-35490 · Aug 8, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling…

  • CVE-2022-35489 · Aug 8, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned.

  • CVE-2022-35488 · Aug 8, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.

  • CVE-2022-35487 · Aug 8, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files.

  • CVE-2022-29700 · Apr 27, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.

  • CVE-2022-29701 · Apr 27, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.

  • CVE-2022-27332 · Apr 27, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).

  • CVE-2022-27331 · Apr 27, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.

  • CVE-2021-43145 · Feb 4, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.

  • CVE-2021-44886 · Feb 4, 2022
    risk 0.00 · CVSS n/a · EPSS 0.01

    In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.

  • CVE-2021-42137 · Oct 11, 2021
    risk 0.00 · CVSS n/a · EPSS 0.01

    An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.

  • CVE-2021-42084 · Oct 7, 2021
    risk 0.00 · CVSS n/a · EPSS 0.01

    An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.

Page 1 of 2