OTRS Customer Backend Improper Input Validation Vulnerability Allowing Unauthorized Access to Customer Information

Vulnerability

An improper input validation vulnerability has been identified in the OTRS Customer Backend module. It could lead to unauthorized access to customer information that is restricted from certain groups. This issue affects OTRS versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X prior to 2026.4.X. The vulnerability applies only if the feature is enabled and CustomerGroupSupport is used.

Impact

Exploitation of this vulnerability could result in unauthorized access to customer information, violating data access restrictions between groups.

Added: Jun 1, 2026, 4:19 AM
Updated: Jun 1, 2026, 4:19 AM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.