CVE-2026-26895
The issue is a user enumeration vulnerability in osTicket v1.18.2, exposed via /pwreset.php, allowing remote attackers to enumerate valid usernames registered on the platform. The description consistently refers to a username enumeration flaw without detailing the root cause beyond the vulnerable...