Zammad Information Disclosure Vulnerability in Shared Organizations

Vulnerability

A vulnerability allowing information disclosure has been identified in Zammad versions prior to 7.0.1. Customers in shared organizations could access fields not intended for them, such as ticket priority and custom internal attributes, when viewing tickets from other users within the same organization. This issue has been resolved in Zammad 7.0.1.

Impact

Exploitation of this vulnerability allowed customers in shared organizations to view unintended fields in ticket details, including priority and custom attributes meant for internal use only.

Remediation

Users can upgrade to Zammad version 7.0.1 to address this vulnerability.

Added: Apr 8, 2026, 8:20 PM
Updated: Apr 8, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 5.0
remediation: 7.7
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.