Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Zammad |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
| Zammad |
|
References
History
Wed, 08 Apr 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Zammad
Zammad zammad |
|
| Vendors & Products |
Zammad
Zammad zammad |
Wed, 08 Apr 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and 6.5.4. | |
| Title | Zammad has an origin validation error in SSO mechanism | |
| Weaknesses | CWE-346 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-04-08T18:11:23.538Z
Reserved: 2026-03-30T18:41:20.753Z
Link: CVE-2026-34720
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2026-04-08T19:25:22.150
Modified: 2026-04-08T21:26:13.410
Link: CVE-2026-34720
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-04-08T20:12:39Z