CVE-2026-34782

Zammad (web-based helpdesk) has an access-control flaw in the REST endpoint POST /api/v1/ai_assistance/text_tools/:id, allowing use of the text tool without proper privileges prior to versions 7.0.1 and 6.5.4. The issue enables exploitation in network contexts with low privileges and no user inte...

EUVD-2021-21942

Malware in sbrugna...

CVE-2023-29868

Zammad 5.3.x Fixed in 5.4.0 is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions...

Zammad Access Control Error Vulnerability (CNVD-2023-36294)

Zammad is a Web-based open source help desk. Zammad suffers from an Access Control Error vulnerability that can be exploited by a remote attacker to submit a special request that can obtain sensitive information...

Zammad Access Control Error Vulnerability (CNVD-2023-97829)

Zammad is a suite of ticket management software from the German company Zammad. An access control error vulnerability exists in Zammad version v5.3.0, which stems from an improper access control error in the component /api/v1/mentions, and can be exploited by an authenticated attacker with proxy...

Zammad Incorrect Access Control Vulnerability

Zammad is a Web-based open source helpdesk/customer support system. Zammad suffers from a linked work order incorrect access control vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information...