CVE-2026-34719 — MEDIUM (4.3)

Q: How severe is CVE-2026-34719?

CVE-2026-34719 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-34719?

Check the references section above for vendor advisories and patch information. Affected products include: Zammad Zammad.

Vulnerability Description

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme (HTTP/HTTPS) as well as the hostname was checked. This could end up in retrieving confidential metadata of cloud/hosting providers. The existing check is now extended and is applied when configuring webhooks as well as triggering webhook jobs. This vulnerability is fixed in 7.0.1 and 6.5.4.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Zammad	Zammad	< 6.5.4

Related Weaknesses (CWE)

CWE-918

References

https://github.com/zammad/zammad/security/advisories/GHSA-2vgc-vfh2-rw75Vendor Advisory

FAQ

What is CVE-2026-34719?

CVE-2026-34719 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only ...

How severe is CVE-2026-34719?

CVE-2026-34719 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-34719?

Check the references section above for vendor advisories and patch information. Affected products include: Zammad Zammad.