OTRS Uncontrolled Resource Consumption Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the SQL Box feature of the OTRS admin interface. This issue causes uncontrolled resource consumption, which can overwhelm the web server and disrupt service. The vulnerability affects OTRS versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X prior to 2026.3.X.

Impact

Exploitation of this vulnerability leads to excessive resource allocation, causing the web server to become unresponsive. The system may terminate the process handling the web server, further disrupting service.

Remediation

Users can update to OTRS version 2026.3.1 or later. For OTRS 7 users, no patches will be available. As a workaround, SQL Box can be removed from the Admin Interface via System Configuration.

Added: Apr 20, 2026, 7:31 PM
Updated: Apr 20, 2026, 7:31 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 4.8
remediation: 8.3
relevance: 6.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.