Platform
zammad
Component
zammad
Fixed in
6.5.5
7.0.1
CVE-2026-34721 describes a Cross-Site Request Forgery (CSRF) vulnerability in Zammad, a web-based helpdesk/customer support system. The flaw allows attackers to potentially execute unauthorized actions within a user's account by manipulating the OAuth callback endpoints. The vulnerability affects versions 6.5.0 through 7.0.0-alpha, and specifically those prior to 7.0.1. A fix is available in versions 6.5.4 and 7.0.1.
An attacker could exploit this CSRF vulnerability to impersonate a legitimate user and perform actions on their behalf within the Zammad system. This could include creating, modifying, or deleting tickets, accessing sensitive customer data, or even changing user settings. The impact is particularly severe if the attacker can target users with administrative privileges, potentially leading to complete control over the Zammad instance. Successful exploitation hinges on tricking a user into clicking a malicious link or visiting a crafted webpage while authenticated in Zammad.
CVE-2026-34721 was publicly disclosed on 2026-04-08. There is no indication of active exploitation at this time, and no public proof-of-concept (PoC) code has been released. The vulnerability has not been added to the CISA KEV catalog. The severity is pending evaluation.
Organizations using Zammad helpdesk systems, particularly those relying on external authentication providers like Microsoft, Google, and Facebook, are at risk. Shared hosting environments where multiple Zammad instances share the same server infrastructure could also be affected, as a compromise of one instance could potentially lead to the compromise of others.
• zammad / server:
grep -r 'OAuth callback' /var/www/zammad/app/controllers/
• zammad / server:
journalctl -u zammad -f | grep "CSRF token validation"
• generic web:
curl -I https://<zammad_instance>/oauth/microsoft/callback | grep -i 'CSRF-Token'
Disclosure
Exploit status
EPSS
0.02% (6th percentile)
CISA SSVC
The primary mitigation for CVE-2026-34721 is to immediately upgrade Zammad to version 6.5.4 or 7.0.1. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the OAuth callback endpoints or implementing stricter input validation on those endpoints. While not a complete solution, these measures can reduce the attack surface. Monitor Zammad logs for suspicious activity related to OAuth authentication. After upgrading, confirm the fix by attempting to trigger an OAuth callback with a manipulated CSRF token and verifying that the action is rejected.
Update Zammad to version 7.0.1 or later, or to version 6.5.4 or later. These versions fix the CSRF vulnerability in the OAuth callback endpoints by correctly validating the CSRF state parameter.
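The fix described above rests on binding the OAuth state parameter to the user's session and checking it when the provider calls back. The Ruby sketch below is an added example, not Zammad's code; the module name, session key and return symbols are hypothetical. It shows the check a callback handler needs and the outcomes a post-upgrade verification should observe: a forged, missing or replayed state is rejected, only the state issued for this session is accepted.

```ruby
require 'securerandom'

# Added example (not Zammad's code). The OAuth "state" value acts as the CSRF
# token of the callback: it is minted per session before the redirect to the
# provider and must be echoed back unchanged on /oauth/<provider>/callback.
module OAuthStateGuard
  STATE_KEY = :oauth_state # hypothetical session key

  # Step 1 (before redirecting to the provider): mint an unguessable state
  # and remember it in the server-side session.
  def self.new_state(session)
    state = SecureRandom.urlsafe_base64(32)
    session[STATE_KEY] = state
    state
  end

  # Step 2 (on the callback): consume the stored state and compare it with the
  # one the provider echoed back. Returns :ok or a symbol naming the rejection.
  def self.validate_callback(session, params)
    expected = session.delete(STATE_KEY) # single use, so a replay fails too
    received = params['state']
    return :missing_session_state if expected.nil?
    return :missing_callback_state if received.nil? || received.empty?
    return :state_mismatch unless secure_equal?(expected, received)
    :ok
  end

  # Constant-time comparison so the check leaks nothing about the stored value.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  state = OAuthStateGuard.new_state(session)
  # Legitimate round trip, then a replay of the same state, then a forgery.
  puts OAuthStateGuard.validate_callback(session, { 'state' => state })  # ok
  puts OAuthStateGuard.validate_callback(session, { 'state' => state })  # missing_session_state
  OAuthStateGuard.new_state(session)
  puts OAuthStateGuard.validate_callback(session, { 'state' => 'forged' }) # state_mismatch
end
```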
CVE-2026-34721 is a Cross-Site Request Forgery (CSRF) vulnerability in Zammad helpdesk versions 6.5.0 through 7.0.0-alpha and before 7.0.1, allowing attackers to perform unauthorized actions.
You are affected if you are running Zammad versions 6.5.0 through 7.0.0-alpha, or versions prior to 7.0.1. Check your Zammad version and upgrade accordingly.
Upgrade Zammad to version 6.5.4 or 7.0.1. Consider temporary workarounds like CSRF protection on OAuth endpoints if immediate upgrade is not possible.
As of now, there are no known public exploits or active campaigns targeting CVE-2026-34721.
Refer to the official Zammad security advisory for detailed information and updates: [https://community.zammad.com/t/security-advisory-cve-2026-34721/36367]