Zammad Missing Authorization Vulnerability in AI Assistance Text Tools Endpoint

Vulnerability

In Zammad versions prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/ai_assistance/text_tools/:id lacked proper authorization checks. This oversight allowed users to access the text tool without the necessary privileges. The issue has been addressed in versions 7.0.1 and 6.5.4.

Impact

Exploitation of this vulnerability allowed users to access and use the AI text tools without proper authorization, potentially leading to unauthorized actions or access within the application.

Remediation

Users can upgrade to Zammad versions 7.0.1 or 6.5.4 to address this vulnerability.
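
The following is an added example, not part of the original advisory or of Zammad's code: a triage helper that classifies installed versions against the two fixed releases named above. It shows why a single "at least 6.5.4" comparison is wrong, since 7.0.0 is newer than 6.5.4 but still unpatched. The inventory and host names are constructed, and treating branches older than 6.5 as affected is an assumption drawn from the "prior to" wording.

```python
import re

# Fixed releases named in the advisory, keyed by release branch (major, minor).
FIXED = {(6, 5): (6, 5, 4), (7, 0): (7, 0, 1)}


def parse_version(text):
    """Parse 'X.Y.Z', ignoring any trailing build or package suffix."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED:
        # Compare only against the fix for the same branch, so that
        # 7.0.0 is not mistaken for patched just because it is > 6.5.4.
        return "fixed" if version >= FIXED[branch] else "affected"
    if version > max(FIXED.values()):
        return "fixed"      # later than every fixed release listed
    if version < min(FIXED.values()):
        return "affected"   # assumption: "prior to" covers older branches
    return "unknown"        # a branch the advisory does not mention


def triage(inventory):
    """Map each host in {host: version} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory; host names and suffixes are illustrative.
INVENTORY = {
    "helpdesk-a": "6.5.3",
    "helpdesk-b": "6.5.4-stable",
    "helpdesk-c": "7.0.0",
    "helpdesk-d": "7.0.1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host}: {INVENTORY[host]} -> {status}")
```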

Added: Apr 8, 2026, 8:04 PM
Updated: Apr 8, 2026, 8:04 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 0.6
exploitability: 5.4
remediation: 7.7
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.