Product: zammad
90 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE | Affected versions | CVSS | Summary
CVE-2026-34837 | all versions | 4.3 MEDIUM | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/ai_assistance/te
CVE-2026-34782 | < 6.5.4 | 4.3 MEDIUM | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/ai_as
CVE-2026-34724 | all versions | 7.2 HIGH | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability
CVE-2026-34723 | < 6.5.4 | 7.5 HIGH | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers wer
CVE-2026-34722 | < 6.5.4 | 4.3 MEDIUM | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creatio
CVE-2026-34721 | < 6.5.4 | 6.5 MEDIUM | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Mic
CVE-2026-34720 | < 6.5.4 | 4.3 MEDIUM | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not
CVE-2026-34719 | < 6.5.4 | 4.3 MEDIUM | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a prop
CVE-2026-34718 | < 6.5.4 | 6.1 MEDIUM | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articl
CVE-2026-34248 | all versions | 5.7 MEDIUM | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (means they
CVE-2025-32360 | >= 6.4.0 and < 6.4.2 | 4.2 MEDIUM | In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts.
CVE-2025-32359 | >= 6.4.0 and < 6.4.2 | 4.8 MEDIUM | In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authenticat
CVE-2025-32358 | >= 6.4.0 and < 6.4.2 | 4.0 MEDIUM | In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST
CVE-2025-32357 | >= 6.4.0 and < 6.4.2 | 4.3 MEDIUM | In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowl
CVE-2024-55578 | all versions | 4.3 MEDIUM | Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.
CVE-2024-36078 | all versions | 6.7 MEDIUM | In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attac
CVE-2024-33668 | >= 6.2.0 and < 6.3.0 | 9.1 CRITICAL | An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify con
CVE-2024-33667 | >= 6.2.0 and < 6.3.0 | 6.5 MEDIUM | An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling
CVE-2024-33666 | >= 6.2.0 and < 6.3.0 | 8.6 HIGH | An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details
CVE-2023-50457 | all versions | 4.3 MEDIUM | An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers
CVE-2023-50456 | all versions | 5.3 MEDIUM | An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a craf
CVE-2023-50455 | all versions | 7.5 HIGH | An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attac
CVE-2023-50454 | all versions | 5.9 MEDIUM | An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external servi
CVE-2023-50453 | all versions | 5.3 MEDIUM | An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint r
CVE-2023-31597 | < 5.4.1 | 6.5 MEDIUM | An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the
CVE-2023-29868 | >= 5.3.0 and < 5.4.0 | 6.5 MEDIUM | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles c
CVE-2023-29867 | >= 5.3.0 and < 5.4.0 | 6.5 MEDIUM | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linke
CVE-2022-48023 | all versions | 4.3 MEDIUM | Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their cust
CVE-2022-48022 | all versions | 4.3 MEDIUM | An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view informat
CVE-2022-48021 | all versions | 9.8 CRITICAL | A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to t
CVE-2022-40817 | >= 5.2.0 and < 5.2.2 | 4.3 MEDIUM | Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still
CVE-2022-40816 | >= 5.2.0 and < 5.2.2 | 6.5 MEDIUM | Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users
CVE-2022-35490 | all versions | 9.8 CRITICAL | Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login cred
CVE-2022-35489 | all versions | 6.5 MEDIUM | In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than
CVE-2022-35488 | all versions | 7.5 HIGH | In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many
CVE-2022-35487 | all versions | 7.5 HIGH | Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints
CVE-2022-29701 | all versions | 7.5 HIGH | A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset re
CVE-2022-29700 | all versions | 7.5 HIGH | A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denia
CVE-2022-27332 | < 5.1.0 | 9.1 CRITICAL | An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vuln
CVE-2022-27331 | < 5.1.0 | 4.3 MEDIUM | An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active applicati
CVE-2021-44886 | all versions | 5.3 MEDIUM | In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the sa
CVE-2021-43145 | all versions | 8.1 HIGH | With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.
CVE-2021-42137 | < 5.0.1 | 5.3 MEDIUM | An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for view
CVE-2021-42091 | < 4.1.1 | 9.1 CRITICAL | An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
CVE-2021-42090 | < 4.1.1 | 9.8 CRITICAL | An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mis
CVE-2021-42089 | < 4.1.1 | 7.5 HIGH | An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.
CVE-2021-42088 | < 4.1.1 | 6.1 MEDIUM | An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.
CVE-2021-42087 | < 4.1.1 | 4.9 MEDIUM | An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.
CVE-2021-42086 | < 4.1.1 | 8.8 HIGH | An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted req
CVE-2021-42085 | < 4.1.1 | 5.4 MEDIUM | An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.
CVE-2021-42084 | < 4.1.1 | 6.5 MEDIUM | An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests tha
CVE-2021-42094 | < 4.1.1 | 9.8 CRITICAL | An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
CVE-2021-42093 | < 4.1.1 | 7.2 HIGH | An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates tri
CVE-2021-42092 | < 4.1.1 | 5.4 MEDIUM | An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
CVE-2021-35303 | >= 1.0.0 and <= 4.0.0 | 6.1 MEDIUM | Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the Use
CVE-2021-35302 | >= 1.0.0 and <= 4.0.0 | 5.3 MEDIUM | Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.
CVE-2021-35301 | >= 1.0.0 and <= 4.0.0 | 5.3 MEDIUM | Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Articl
CVE-2021-35300 | >= 1.0.0 and <= 4.0.0 | 4.3 MEDIUM | Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visi
CVE-2021-35299 | >= 1.0.0 and <= 4.0.0 | 7.5 HIGH | Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configu
CVE-2021-35298 | >= 1.0.0 and <= 4.0.0 | 6.1 MEDIUM | Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multipl
CVE-2020-29160 | < 3.5.1 | 7.5 HIGH | An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that def
CVE-2020-29159 | < 3.5.1 | 4.9 MEDIUM | An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if con
CVE-2020-29158 | < 3.5.1 | 4.3 MEDIUM | An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control o
CVE-2020-26035 | >= 1.0.0 and < 3.4.1 | 5.4 MEDIUM | An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a Ticket.
CVE-2020-26034 | >= 1.0.0 and < 3.4.1 | 4.3 MEDIUM | An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that wou
CVE-2020-26033 | >= 1.0.0 and < 3.4.1 | 5.4 MEDIUM | An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.
CVE-2020-26032 | >= 1.0.0 and < 3.4.1 | 7.5 HIGH | An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way tha
CVE-2020-26031 | >= 1.0.0 and < 3.4.1 | 4.3 MEDIUM | An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (w
CVE-2020-26030 | >= 1.0.0 and < 3.4.1 | 9.8 CRITICAL | An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when S
CVE-2020-26029 | >= 1.0.0 and < 3.4.1 | 6.5 MEDIUM | An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of
CVE-2020-26028 | >= 1.0.0 and < 3.4.1 | 4.9 MEDIUM | An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.
CVE-2020-14214 | < 3.3.1 | 6.5 MEDIUM | Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An a
CVE-2020-14213 | < 3.3.1 | 5.4 MEDIUM | In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, o
CVE-2020-10105 | >= 1.0.0 and <= 3.2.0 | 5.3 MEDIUM | An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request,
CVE-2020-10104 | >= 1.0.0 and <= 3.2.0 | 4.3 MEDIUM | An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may b
CVE-2020-10103 | >= 1.0.0 and <= 3.2.0 | 5.4 MEDIUM | An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Up
CVE-2020-10102 | >= 1.0.0 and <= 3.2.0 | 5.3 MEDIUM | An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password functionality is implemented in a way that would enable an
CVE-2020-10101 | >= 1.0.0 and <= 3.2.0 | 7.5 HIGH | An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an at
CVE-2020-10100 | >= 1.0.0 and <= 3.2.0 | 6.5 MEDIUM | An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific cu
CVE-2020-10099 | >= 1.0.0 and <= 3.2.0 | 5.4 MEDIUM | An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket
CVE-2020-10098 | >= 1.0.0 and <= 3.2.0 | 5.4 MEDIUM | An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email f
CVE-2020-10097 | >= 1.0.0 and <= 3.2.0 | 5.3 MEDIUM | An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application o
CVE-2020-10096 | >= 1.0.0 and <= 3.2.0 | 7.5 HIGH | An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An atta
CVE-2019-1010018 | >= 2.1.0 and <= 2.1.2 | 6.1 MEDIUM | Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute JavaScript code
CVE-2018-1000154 | <= 2.3.0 | 6.1 MEDIUM | Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80)
CVE-2017-6081 | <= 1.0.3 | 8.8 HIGH | A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an a
CVE-2017-6080 | <= 1.0.3 | 9.8 CRITICAL | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechani
CVE-2017-5621 | <= 1.0.3 | 6.1 MEDIUM | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTM
CVE-2017-5620 | <= 1.0.3 | 6.1 MEDIUM | An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new ta
CVE-2017-5619 | <= 1.0.3 | 9.8 CRITICAL | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed pa
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin