CVE-2026-48187

EUVD-2026-33553
An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS:

  *  8.0.X
  *  2023.X
  *  2024.X
  *  2025.X
  *  2026.X before 2026.4.X

Please note that ((OTRS)) Community Edition 6.x, OTRS 7.x and products based on the ((OTRS)) Community Edition also very likely to be affected
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
OTRSCNA
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
otrsotrs
8.0.0 ≤
𝑥
< 8.1.0
CNA
otrsotrs
2023.0 ≤
𝑥
< 2024.0
CNA
otrsotrs
2024.0 ≤
𝑥
< 2025.0
CNA
otrsotrs
2025.0 ≤
𝑥
< 2026.0
CNA
otrsotrs
2026.0 ≤
CNA
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://otrs.com/release-notes/otrs-security-advisory-2026-06/