CVE-2025-26846

Critical CVSS: 9.8

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.

Vendor

Product

CWE

Yayın Tarihi

2025-05-12 15:15:59

Güncelleme

2025-06-13 13:51:43

Source Identifier

cve@mitre.org

KEV Date Added

CWE-862 Znuny CRITICAL Znuny 2025

https://www.znuny.com https://www.znuny.org/en/advisories/zsa-2025-02

Critical

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can us…

High

CVE-2025-26847

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.

Medium

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateA…

High

CVE-2025-26842

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-ma…

Critical

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.