What is GHSA-f9pc-83mw-48hx?

GHSA-f9pc-83mw-48hx is a security advisory published by GitHub Security Advisories with Medium severity. An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to...

Which CVE IDs does GHSA-f9pc-83mw-48hx cover?

GHSA-f9pc-83mw-48hx covers the following CVE IDs: CVE-2026-48210. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-f9pc-83mw-48hx?

GHSA-f9pc-83mw-48hx has a CVSS v3 base score of 5.7, published by GitHub Security Advisories.

GHSA-f9pc-83mw-48hxMediumCVSS 5.7

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to...

Vendor

GitHub Security Advisories

Published

June 1, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-48210 →

📋 Description

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend

This issue affects OTRS 2026.3.1

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-48210
https://otrs.com/release-notes/otrs-security-advisory-2026-09
https://github.com/advisories/GHSA-f9pc-83mw-48hx