Vulnerability Description
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database if it is reachable from their network.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2d
- https://github.com/openises/tickets/releases/tag/v3.44.2
- https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-mysql-credentia
FAQ
What is CVE-2026-48241?
CVE-2026-48241 is a vulnerability with a CVSS score of 8.1 (HIGH). Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the...
How severe is CVE-2026-48241?
CVE-2026-48241 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-48241?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.