CVE-2026-22200 is a high-severity vulnerability (CVSS 8.7) affecting Enhancesoft's osTicket. It allows a remote attacker to abuse the ticket PDF export functionality to read arbitrary files from the server's filesystem. Attackers can craft tickets containing rich-text HTML with PHP filter expressions, which are insufficiently sanitized before being processed. Successful exploitation can disclose sensitive files in the context of the osTicket application user.
This issue is particularly dangerous in default configurations where guests can create tickets or where self-registration is enabled. Organizations using affected versions of osTicket must act quickly. Immediate patching is crucial to mitigate the risk of data exposure.
In real-world terms, exploitation could lead to significant information leakage, potentially impacting user privacy and organizational integrity, which is why patching should be prioritized over other maintenance work.
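Stored ticket bodies can also be reviewed for the kind of input described above. The following is an added example, not osTicket or Enhancesoft code: it flags URL-bearing attributes and CSS `url()` values whose scheme, after decoding, falls outside an allowlist, which covers `php://` stream-wrapper references. The attribute list, the scheme allowlist and the sample ticket are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed for this sketch: which attributes carry URLs and which schemes a
# ticket body legitimately needs. Tune both per deployment.
URL_ATTRS = {"src", "href", "background", "poster", "data"}
ALLOWED_SCHEMES = {"http", "https", "mailto", "cid"}
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")
CSS_URL_RE = re.compile(r"url\(\s*['\"]?([^'\")]+)", re.I)

def normalize(value):
    # Peel up to three layers of entity/percent encoding, then drop whitespace
    # and control characters so " PHP:" and "%70hp:" compare equal to "php:".
    for _ in range(3):
        decoded = unquote(html.unescape(value))
        if decoded == value:
            break
        value = decoded
    return re.sub(r"[\x00-\x20]+", "", value).lower()

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "style":
                candidates = CSS_URL_RE.findall(value or "")
            elif name in URL_ATTRS:
                candidates = [value or ""]
            else:
                continue
            for cand in candidates:
                m = SCHEME_RE.match(normalize(cand))
                if m and m.group(1) not in ALLOWED_SCHEMES:
                    self.findings.append((tag, name, m.group(1)))

def scan_ticket(body):
    """Return (tag, attribute, scheme) for each disallowed scheme in body."""
    scanner = _Scanner()
    scanner.feed(body)
    scanner.close()
    return scanner.findings

if __name__ == "__main__":
    # Constructed ticket body; the filter expression itself is elided.
    print(scan_ticket('<p><img src="cid:logo"><img src="%70hp%3A//filter/..."></p>'))
```

A hit is a reason to inspect the ticket and its submitter, not proof of exploitation; the check complements patching and does not replace it.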
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
