Skip to main content

Suse CVE-2026-6060

| EUVDEUVD-2026-23933 MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2026-04-20 OTRS
4.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.5 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 20, 2026 - 19:30 vuln.today
EUVD ID Assigned
Apr 20, 2026 - 19:00 euvd
EUVD-2026-23933
Analysis Generated
Apr 20, 2026 - 19:00 vuln.today
CVE Published
Apr 20, 2026 - 18:20 nvd
MEDIUM 4.5

DescriptionCVE.org

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS:

  • 7.0.X
  • 8.0.X
  • 2023.X
  • 2024.X
  • 2025.X
  • 2026.X before 2026.3.X

AnalysisAI

Uncontrolled resource consumption in OTRS admin interface SQL Box causes denial of service against the webserver, affecting OTRS 7.0.x, 8.0.x, 2023.x, 2024.x, 2025.x, and 2026.x before 2026.3. The vulnerability requires high-privilege admin access and user interaction, limiting real-world impact to authenticated administrators performing deliberate actions. No public exploit code or active exploitation has been identified.

Technical ContextAI

The SQL Box feature in OTRS admin interface implements a query execution mechanism vulnerable to resource exhaustion (CWE-400: Uncontrolled Resource Consumption). This administrative tool, intended for system maintenance tasks, lacks proper input validation or execution resource limits on SQL queries executed through the web interface. The vulnerability allows a malicious admin to craft SQL statements that consume excessive CPU, memory, or I/O resources on the webserver, causing performance degradation or service unavailability. The CPE cpe:2.3:a:otrs_ag:otrs:*:*:*:*:*:*:*:* indicates the entire OTRS product line is affected across all architectures and implementations.

RemediationAI

Upgrade OTRS to version 2026.3 or later to resolve the SQL Box resource consumption issue. For administrators unable to immediately upgrade, implement access control restrictions on the admin interface by limiting SQL Box feature access to a minimal set of trusted administrators, or disable the SQL Box feature entirely if not required for operational maintenance. Monitor webserver process resource utilization (CPU, memory) and establish alerts for anomalous consumption patterns that may indicate exploitation attempts. The vendor advisory at https://otrs.com/release-notes/otrs-security-advisory-2026-01/ provides additional context and should be reviewed before patching to ensure compatibility with local customizations.

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2026-6060 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy