CVE-2026-34722
Zammad is missing authorization in ticket create endpoint
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4.
| CWE | CWE-862 |
| Vendor | zammad |
| Product | zammad |
| Published | Apr 8, 2026 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for zammad zammad
Be the first to know when new unknown vulnerabilities affecting zammad zammad are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
zammad / zammad
< 6.5.4 >= 7.0.0-alpha, < 7.0.1