OTRS
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*
- ~7.0
- ~8.0
- ~2023
- ~2024
- ~2025
- ~2026
A vulnerability allowing unauthenticated SQL injection has been identified in the database layer module of OTRS and OTRS Community Edition. This improper input validation issue can lead to authentication bypass, but only if the MySQL or MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. The vulnerability affects OTRS versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, 2026.X prior to 2026.4.X, as well as OTRS Community Edition version 6.0.x. Additionally, products based on OTRS Community Edition are likely affected.
Exploitation of this vulnerability allows for SQL injection, which can be used to bypass authentication.
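To triage exposure against the two conditions in the description above (an affected release line and the NO_BACKSLASH_ESCAPES SQL mode), the following added example classifies one installation at a time. It is not part of the advisory or of OTRS. The function names and sample inventory are constructed, and it assumes that "prior to 2026.4.X" means 2026.0 through 2026.3.

```python
import re

# Release lines named in the description above.
AFFECTED_LINES = {"7.0", "8.0", "2023", "2024", "2025"}
COMMUNITY_LINE = "6.0"   # OTRS Community Edition 6.0.x
FIXED_2026_MINOR = 4     # assumption: "prior to 2026.4.X" means minor < 4


def version_affected(version, community=False):
    """True if the version falls in a release line the description lists."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    major = parts[0]
    minor = int(parts[1]) if len(parts) > 1 else 0
    line = f"{major}.{minor}"
    if community:
        return line == COMMUNITY_LINE
    if major == "2026":
        return minor < FIXED_2026_MINOR
    return major in AFFECTED_LINES or line in AFFECTED_LINES


def mode_enabled(sql_mode):
    """sql_mode: comma-separated value from SELECT @@GLOBAL.sql_mode
    (also check @@SESSION.sql_mode on the application's own connection)."""
    return "NO_BACKSLASH_ESCAPES" in {m.strip().upper() for m in sql_mode.split(",")}


def triage(version, sql_mode, community=False):
    """Classify one installation against both conditions."""
    if not version_affected(version, community):
        return "not-listed"
    if mode_enabled(sql_mode):
        return "exposed"             # affected release and precondition present
    return "affected-mode-absent"    # still running an affected release


# Constructed sample inventory: (host, version, community edition?, sql_mode)
INVENTORY = [
    ("helpdesk-a", "8.0.37", False, "STRICT_TRANS_TABLES,NO_BACKSLASH_ESCAPES"),
    ("helpdesk-b", "2025.2.1", False, "STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION"),
    ("helpdesk-c", "6.0.30", True, "ansi_quotes, no_backslash_escapes"),
    ("helpdesk-d", "2026.4.1", False, "NO_BACKSLASH_ESCAPES"),
]

if __name__ == "__main__":
    for host, ver, ce, mode in INVENTORY:
        print(f"{host}: {triage(ver, mode, ce)}")
```

Products based on OTRS Community Edition carry their own version numbers, so the version check does not cover them; for those, only the SQL mode check applies.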