Primary

Context

Zammad HTML Sanitization Vulnerability in Ticket Articles Allowing Data URI Injection

Vulnerability

Patched

A vulnerability exists in Zammad, a web-based open-source helpdesk and customer support system, in versions prior to 7.0.1 and 6.5.4. The issue arises from the HTML sanitizer for ticket articles, which failed to properly sanitize 'data: ...' URI schemes. This oversight allowed malicious content to be stored in the database of affected Zammad instances. Although the Zammad GUI renders this content, applied Content Security Policy (CSP) rules prevented any harm from, for example, clicking such a link.

Impact

Exploitation of this vulnerability could lead to the injection of malicious 'data: ...' URIs into the Zammad database, which are then rendered in the Zammad GUI. While this could potentially be exploited to execute harmful actions, the existing CSP rules currently mitigate such risks.

Remediation

Users can upgrade to Zammad versions 7.0.1 or 6.5.4 to address this vulnerability.

Added: Apr 8, 2026, 8:19 PM

Updated: Apr 8, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

5.2

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

5.2

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zammad HTML Sanitization Vulnerability in Ticket Articles Allowing Data URI Injection

Vulnerability

Impact

Remediation

Affected Products

Zammad

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating