zammad — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting zammad. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zammad serves as an open-source helpdesk and customer support platform, focusing on ticket management and communication. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with 14 CVEs documented. Security concerns often stem from improper input validation and access control flaws. While no major public security incidents have been widely reported, the consistent presence of vulnerabilities highlights the need for regular updates and hardening. The platform's modular architecture and third-party integrations introduce additional potential attack surfaces, requiring careful configuration to mitigate risks.

Top products by zammad: Zammad
| CVE ID | Title | Vendor | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34837 | Zammad is missing authorization in AI assistance controller for context data used in text tools | zammad | CWE-862 | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34782 | Zammad has improper access control in AI assistance controller for text tools | zammad | CWE-862 | 8.8 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34724 | Zammad has a server-side template injection leading to RCE via AI Agent | zammad | CWE-94 | 7.2 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34723 | Zammad has incorrect access control in getting_started_controller | zammad | CWE-284 | 7.5 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34722 | Zammad is missing authorization in ticket create endpoint | zammad | CWE-862 | 4.3 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-34721 | Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints | zammad | CWE-352 | 8.8 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34720 | Zammad has an origin validation error in SSO mechanism | zammad | CWE-346 | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34719 | Zammad has a Server-side request forgery (SSRF) via webhooks | zammad | CWE-918 | 6.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-34718 | Zammad improperly neutralizes script-related HTML tags in ticket articles | zammad | CWE-80 | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-34248 | Zammad has an information disclosure in ticket detail view of customers in shared organizations | zammad | CWE-284 | 3.5 (AI) | Low (AI) | 2026-04-08 |
| CVE-2025-32358 | Zammad security vulnerability | Zammad | CWE-918 | 4.0 | Medium | 2025-04-05 |
| CVE-2025-32359 | Zammad security vulnerability | Zammad | CWE-602 | 4.8 | Medium | 2025-04-05 |
| CVE-2025-32360 | Zammad security vulnerability | Zammad | CWE-402 | 4.2 | Medium | 2025-04-05 |
| CVE-2025-32357 | Zammad security vulnerability | Zammad | CWE-288 | 4.3 | Medium | 2025-04-05 |

This page lists every published CVE security advisory associated with zammad. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.