CVE-2026-14871
EUVD-2026-4518617.07.2026, 16:17
osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization (BOLA) leading to Insecure Direct Object Reference (IDOR) in the AJAX ticket-management subsystem.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| osticket | osticket | 1.18.3 | CNA |
| osticket | osticket | 1.17.7 | CNA |