CVE-2025-26846 — Missing Authorization in Znuny

Severity

9.8CRITICALNVD

EPSS

0.4%

top 39.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 12

Description

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶debiandebian/znuny< znuny 6.5.13-1 (forky)

▶Debianznuny/znuny< 6.5.13-1+1

▶NVDznuny/znuny6.0.0 — 6.0.48+2

OSV

CVE-2025-26846: An issue was discovered in Znuny before 7↗2025-05-12

▶

GHSA

GHSA-m53m-r8mm-799v: An issue was discovered in Znuny before 7↗2025-05-12

▶

Debian

CVE-2025-26846: znuny - An issue was discovered in Znuny before 7.1.4. Permissions are not checked prope...↗2025

▶