Znuny Vulnerabilities - Remote Attack Possible
Summary
CERT-Bund has issued a security advisory for Znuny, an open-source ticketing software, detailing multiple vulnerabilities with a CVSS base score of 7.5. These vulnerabilities allow for remote attacks, including information disclosure, data manipulation, and cross-site scripting. Mitigation is available.
What changed
This advisory from CERT-Bund (WID-SEC-2026-0876) highlights multiple critical vulnerabilities in Znuny, an open-source ticketing software. The vulnerabilities, with a CVSS base score of 7.5, allow for remote attacks, including information disclosure, data manipulation, cross-site scripting (XSS), and security bypass. Affected versions include Znuny <7.3.1 and Znuny LTS <6.5.19.
Organizations using affected versions of Znuny must apply available mitigations immediately to prevent exploitation. This includes updating to a patched version or implementing specific security measures as recommended by the vendor. Failure to address these vulnerabilities could lead to significant data breaches, system compromise, and operational disruption.
What to do next
- Update Znuny to a version greater than 7.3.1 or 6.5.19 (LTS).
- Implement available mitigation strategies if immediate update is not possible.
- Review system logs for any signs of exploitation.
Source document (simplified)
[WID-SEC-2026-0876] Znuny: Mehrere Schwachstellen CVSS Base Score 7.5 (hoch) CVSS Temporal Score 6.5 (mittel) Remoteangriff ja Datum 25.03.2026 Stand 26.03.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
Produktbeschreibung
Znuny ist eine Open Source Ticketing Software.
Produkte
25.03.2026
- Znuny Znuny <7.3.1
- Znuny Znuny LTS <6.5.19
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in Znuny ausnutzen, um Informationen offenzulegen, Daten zu manipulieren, Cross-Site-Scripting-Angriffe durchzuführen oder Sicherheitsmaßnahmen zu umgehen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Data Privacy & Cybersecurity alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.