{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26895", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-02T18:05:15.423Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-04-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-02T16:26:09.145Z"}, "descriptions": [{"lang": "en", "value": "User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://osticket.com"}, {"url": "https://csacyber.com/blog/osticket-timing-vulnerability-understanding-the-risk"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-203", "lang": "en", "description": "CWE-203 Observable Discrepancy"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:04:47.066655Z", "id": "CVE-2026-26895", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:05:15.423Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26895", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-02T18:05:15.423Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-04-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-02T16:26:09.145Z"}, "descriptions": [{"lang": "en", "value": "User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://osticket.com"}, {"url": "https://csacyber.com/blog/osticket-timing-vulnerability-understanding-the-risk"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26895", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T18:04:47.066655Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:03:30.376Z"}}]}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*", "matchCriteriaId": "A63ADC69-74EE-4435-B76D-BC21BBE64600", "versionEndExcluding": "1.18.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform."}], "id": "CVE-2026-26895", "lastModified": "2026-04-07T16:01:01.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-02T17:16:21.833", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "http://osticket.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://csacyber.com/blog/osticket-timing-vulnerability-understanding-the-risk"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.18.2"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "osticket", "vendor": "osticket"}], "analysis": {"en": {"generated_at": "2026-04-07T23:05:44.281309+00:00", "value": {"mitigation_remediation": ["Upgrade osTicket to the latest available version that has removed the enumeration flaw (e.g., 1.18.3 or newer).", "If an upgrade is not immediately possible, limit access to the /pwreset.php page using firewall rules, reverse\u2011proxy restrictions, or IP whitelisting to reduce the attack surface.", "Ensure that error messages or response times from the password reset functionality do not differ between valid and invalid usernames, so that the application no longer leaks account existence information."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects installations of osTicket running version\u202f1.18.2. The affected product is osTicket, published by Enhancesoft, as indicated by the CPE string for enhancesoft:osticket. Any deployment that has not applied subsequent fixes in later releases is susceptible.", "description_and_impact": "A user enumeration flaw exists in the password reset page of osTicket 1.18.2 that allows a remote attacker to determine whether a specific username is registered on the system. The flaw arises because the application provides different responses for valid versus invalid usernames, enabling an attacker to infer account existence. This type of weakness falls under the Common Weakness Enumeration category CWE\u2011203, which covers insufficient output information leading to information disclosure.", "risk_and_exploitability": "The flaw carries a CVSS score of 5.3, indicating moderate severity, and an EPSS score of less than 1\u202f%, suggesting a low probability of exploitation at this time. It is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker can exploit the vulnerability remotely by sending crafted HTTP requests to the /pwreset.php endpoint; no authentication is required, and the attack can be performed from any network that can reach the web server."}}}}, "created": "2026-04-03T07:36:19.855990+00:00", "updated": "2026-04-08T19:56:37.366409+00:00", "vendors": ["osticket", "osticket$PRODUCT$osticket"]}