Which versions of Open ISES Tickets are affected by CVE-2026-48241?

Open ISES Tickets versions before 3.44.2 expose database credentials in a publicly accessible configuration file, enabling direct database compromise for any user with source code access.. A patch is available.

Open ISES Tickets CVE-2026-48241

Q: What is the CVSS score of CVE-2026-48241?

CVE-2026-48241 has a CVSS 4.0 base score of 9.2 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-31321 CRITICAL

Use of Hard-coded Credentials (CWE-798)

2026-05-21 VulnCheck

GHSA-3m3w-vxfv-jm2w

PHP Authentication Bypass

9.2

CVSS 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 21, 2026 - 18:30 vuln.today

Analysis Generated

May 21, 2026 - 18:30 vuln.today

Severity Changed

May 21, 2026 - 18:22 NVD

HIGH CRITICAL

CVSS changed

May 21, 2026 - 18:22 NVD

8.1 (HIGH) 9.2 (CRITICAL)

DescriptionNVD

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database if it is reachable from their network.

AnalysisAI

Hardcoded MySQL credentials in Open ISES Tickets before 3.44.2 expose database username, password, and database name through a public-facing loader.php utility that was committed to the source repository. Any user able to read the source tree on GitHub or fetch the file from a deployed installation can connect to the backing database if reachable, leading to full read/write access. …

RemediationAI

Within 24 hours: Rotate all MySQL database credentials used by Open ISES Tickets; restrict database network access to the application server only; enable database connection logging. Within 7 days: Upgrade all instances to Open ISES Tickets version 3.44.2 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-48241 vulnerability details – vuln.today

Back

Open ISES Tickets CVE-2026-48241

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Open ISES Tickets CVE-2026-48241

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code