Zammad Unauthenticated Sensitive Data Exposure Vulnerability

Vulnerability

A vulnerability in Zammad, a web-based open-source helpdesk and customer support system, allows unauthenticated remote attackers to access sensitive internal entity data through the 'getting started' endpoint. This issue affects Zammad versions prior to 7.0.1 and 6.5.4, and the endpoint remains reachable even after the system setup has been completed.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive internal data.

Remediation

Users can upgrade to Zammad version 7.0.1 or 6.5.4 (the fixed release of their respective branch) to address this vulnerability.
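As an added example (not part of this advisory and not Zammad's own code), a check that flags installed Zammad versions the advisory names as affected, using the two fix releases above. The inventory lines are constructed sample data, and treating 6.5.x against 6.5.4 and every other version against 7.0.1 is an assumption about how "prior to 7.0.1 and 6.5.4" is read.

```python
import re

# Fix releases named in the advisory: the 6.5 branch is fixed at 6.5.4 and
# the 7.0 branch at 7.0.1. Anything older than both is treated as affected.
FIXED_6_5 = (6, 5, 4)
FIXED_7_0 = (7, 0, 1)


def parse_version(text: str) -> tuple:
    """Parse a Zammad version string such as '6.5.3' or 'v7.0.0' into a tuple.

    Trailing suffixes (e.g. '-rc1') are ignored; missing components count as 0.
    """
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) if g is not None else 0 for g in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """Return True if this Zammad version is affected per the advisory.

    Assumption: a 6.5.x release is fixed from 6.5.4 onward; any other release
    is fixed from 7.0.1 onward, so e.g. 6.4.x is affected regardless of patch.
    """
    v = parse_version(version)
    if v[:2] == (6, 5):
        return v < FIXED_6_5
    return v < FIXED_7_0


# Constructed sample inventory: one "hostname version" entry per line.
SAMPLE_INVENTORY = """\
helpdesk-prod 6.5.3
helpdesk-stage v7.0.0
helpdesk-dev 7.0.1
helpdesk-legacy 6.4.2
helpdesk-new 6.5.4
"""


def affected_hosts(inventory: str) -> list:
    """Return the hostnames whose recorded Zammad version is affected."""
    hosts = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, version = line.split()
        if is_affected(version):
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required (see advisory)")
```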

Added: Apr 8, 2026, 8:11 PM
Updated: Apr 8, 2026, 8:11 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 7.9
remediation: 7.7
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.