Watch our latest webinar: What’s Real with AI in IT Right Now
OTRS Logo and Tagline
OTRS Logo and Tagline
Demo
Customer Support
fill 7
Service Management
Asset Management
Security Management
Technology Management
Task Management
Knowledge Management
Platform
How to Buy
FAQ
OTRS App
Services
Product
OTRS
OTRS is a flexible and customizable service management platform
Solution
Service Desk Solutions
Purpose-built solutions apply this system to specific service use cases.
Help Desk
Keep service running at the center.
Customer Service & Support
Ignite your customer connections.
IT Service Management
Shape your IT landscape.
Office Management
Keep your operations in motion.
HR Management
Keep your organization alive.
Cyber Defense – STORM
Defend your digital world.
Partners
Become a Partner
OTRS Partners
OTRS Academy
Webinars about OTRS
Public Trainings
OTRS Academy
Events
  • 27/10/2026
it-sa

it-sa is one of the largest dialog platforms for industry-specific IT security solutions. It will take place from October 27 to 29, 2026 in Nuremberg.
  • Trade Fair
OTRS Events
Recent Articles
How AI and Best Practices Create Personalized Service
Companies and their customers benefit from personalized service experiences. This
  • AI & Automation, Customer Service
Shadow AI and Its Risks
Shadow AI has become a major topic. This article explains
  • AI & Automation, Security & Compliance
View OTRS Blog
Case Studies with OTRS

OTRS success stories highlight how real customers use OTRS to improve service & automate business processes to achieve operational success.

Success Stories

Release Note

OTRS Security Advisory 2026-02

Please read carefully and check if the version of your OTRS system is affected by this vulnerability.

Please send information regarding vulnerabilities in OTRS to: security@otrs.org

PGP Key

  • pub 2048R/9C227C6B 2011-03-21
  • uid OTRS Security Team <security@otrs.org>
  • GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 7C6B

Security Advisory Details

  • ID: OSA-2026-02
  • Date: 2026-06-01
  • Title: SQL Injection via MySQL Quote Method
  • Severity CVSS v3.1: 9.1 Critical
  • Severity CVSS v4.0: 9.1 Critical
  • Urgency: Moderate (Amber)
  • Product: OTRS, ((OTRS)) Community Edition
  • Fixed in: OTRS 2026.4.x
  • CVSS VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N +++ CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber
  • References: CVE-2026-48188

SQL Injection via MySQL Quote Method

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode.

PRODUCT AFFECTED:

This issue affects

OTRS:

  • 7.0.X
  • 8.0.X
  • 2023.X
  • 2024.X
  • 2025.X
  • 2026.X before 2026.4.X

(OTRS)) Community Edition:

  • 6.0.x
  • Products based on the ((OTRS)) Community Edition also very likely to be affected

Problem:

CWE-20 Improper Input Validation CWE-20

Impact:

CAPEC-115 Authentication Bypass CAPEC-115

Product Status

Product Affected
OTRS AG OTRS » Database Layer

Default status is affected

 7.0.X

8.0.X

2023.X

2024.X

2025.X

2026.X through 2026.3.X
OTRS AG ((OTRS)) Community Edition

Default status is affected

 6.x

 

SOLUTION:

Update to OTRS 2026.4.1. or later. Please note that there will be no OTRS 7 patches

WORKAROUND:

Reconfigure MySQL/MariaDB servernot to use NO_BACKSLASH_ESCAPES SQL

CREDITS:

Special thanks to Daniel Triznafor reporting this vulnerability

Release Details

  • Release:
    OTRS Security Advisory 2026-02
  • Release date:
    06/01/2026