HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-48188Published Modified CNA OTRS

CVE-2026-48188: SQL Injection via MySQL Quote Method

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X * (OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

Metrics

CVSS v3.1
9.1
Severity
CRITICAL
Fixed in
Affected Products
2

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

SQL injection in the OTRS and ((OTRS)) Community Edition database layer allows an unauthenticated remote attacker to inject arbitrary SQL through a flaw in how the MySQL quote method handles input when the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. The vulnerability is reachable over the network with no credentials required and no user interaction needed. Successful exploitation enables authentication bypass, full read access to sensitive database contents, and modification of persisted data. No fix version has been published yet; HarborGuard tracks this advisory and will make a patched-image rebuild available as soon as upstream ships a fix.

HarborGuard Coverage

Detection

Detection for CVE-2026-48188 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle OTRS or ((OTRS)) Community Edition. Coverage extends to all image layers and derived images built on affected base versions.

Available
Triage

Triage is available using the CVSS v3.1 score of 9.1 (Critical), weighted against each customer environment's compliance policy to prioritize and route alerts to the appropriate team inbox. Per-environment context, such as whether the scanned image is deployed facing the internet, is factored into urgency signals surfaced in the HarborGuard dashboard.

Available
Patch

Because no upstream fix has been published, HarborGuard re-checks this advisory each ingest cycle and will make a patched-image rebuild available the moment a fix version is released. In the interim, HarborGuard surfaces compensating-control recommendations, including network-policy isolation and MySQL/MariaDB configuration guidance, directly in the advisory detail for affected images.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The vulnerable endpoint is exposed over the network, meaning an attacker must be able to reach the OTRS service via HTTP/S from any network-adjacent or internet-facing position.

  • AuthenticationNot required

    No credentials of any kind are needed; the injection point is reachable by a completely unauthenticated request.

  • Victim interactionNot required

    The attacker sends a crafted request directly to the server; no user action or social engineering is involved.

  • Attack complexityDetail

    Exploit reliability is high under baseline conditions, though exploitation requires the target MySQL/MariaDB server to be configured with the NO_BACKSLASH_ESCAPES SQL mode, which is a specific but not uncommon server-side configuration.

Blast Radius

  • Attacker bypasses the authentication layer entirely and gains access to the application as an arbitrary or privileged user.
  • Attacker reads stored user credentials, session tokens, customer records, and ticket data from the OTRS database.
  • Attacker modifies persisted database rows, including user account data, access control entries, and ticket contents.
  • Confidentiality and integrity of all data accessible to the OTRS database user are fully compromised; availability is not directly impacted by this vector.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists for CVE-2026-48188 at this time, HarborGuard monitors the OTRS advisory each ingest cycle and will automatically make a patched-image rebuild available and trigger the auto-remediation flow (rebuild, regression run, and PR against affected workloads) for customers with that option enabled, the moment a fix version is published. While awaiting a patch, HarborGuard surfaces compensating-control guidance for affected images: restrict network access to OTRS instances using Kubernetes NetworkPolicy or equivalent egress filtering so that only trusted internal clients can reach the service; audit MySQL/MariaDB server configuration and evaluate whether the NO_BACKSLASH_ESCAPES SQL mode can be disabled without breaking application behavior, as doing so removes the precondition this vulnerability requires. Customers with compliance policies that flag Critical-severity unpatched CVEs will find this issue routed to the appropriate inbox automatically.

See how HarborGuard automates this
Affected packages
  • OTRS AG / OTRS
    7.0.x · 8.0.x · 2023.x · 2024.x · 2025.x · ≤ 2026.3.x
  • OTRS AG / ((OTRS)) Community Edition
    6.x
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References