CVE-2026-34724 describes a Remote Code Execution (RCE) vulnerability discovered in Zammad, a web-based helpdesk/customer support system. This flaw allows an attacker to potentially execute arbitrary code through server-side template injection, specifically when manipulating typeenrichmentdata within the AI Agent feature. The vulnerability affects Zammad versions 7.0.0 and prior to 7.0.1. A fix is available in version 7.0.1.
The impact of CVE-2026-34724 is significant because it can yield Remote Code Execution. Successful exploitation would allow an attacker to gain control over the Zammad server, potentially leading to data breaches, system compromise, and disruption of helpdesk operations. Exploitation is limited to environments where an attacker can control or influence the typeenrichmentdata, which typically requires administrative privileges, so an attacker must already hold some level of access to, or influence over, the Zammad configuration. A successful attack could allow an attacker to read sensitive customer data, modify support tickets, or even install malware on the server.
CVE-2026-34724 was publicly disclosed on 2026-04-08. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog at the time of this writing. Given the RCE nature of the vulnerability and the potential for impact, it is recommended to prioritize remediation.
Organizations using Zammad as their helpdesk/customer support system, particularly those with administrative users who may inadvertently introduce malicious data into the typeenrichmentdata configuration, are at risk. Shared hosting environments where multiple Zammad instances share resources could also be vulnerable if one instance is compromised.
• zammad: Examine Zammad logs for unusual activity or errors related to the AI Agent feature, specifically looking for attempts to manipulate typeenrichmentdata.
• generic web: Use curl to probe the Zammad instance for potential template injection points.
curl -X POST 'https://zammad.example.com/api/v1/ai_agent/enrichment' \
  -H 'Content-Type: application/json' \
  -d '{"type_enrichment_data": "<script>alert(\"XSS\")</script>"}'
• generic web: Check access and error logs for suspicious requests or error messages related to template processing.
disclosure
Exploitation status
EPSS: 0.06% (18th percentile)
CISA SSVC
The primary mitigation for CVE-2026-34724 is to immediately upgrade Zammad to version 7.0.1 or later. If upgrading is not immediately feasible, restrict access to the typeenrichmentdata configuration to trusted users only. Carefully review and validate any data being passed to the AI Agent feature. Consider implementing a Web Application Firewall (WAF) with rules to detect and block suspicious template injection attempts. Monitor Zammad logs for unusual activity or errors related to the AI Agent feature. After upgrading, confirm the fix by attempting to trigger the vulnerable template injection scenario and verifying that it is no longer exploitable.
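The "review and validate any data being passed to the AI Agent feature" and "monitor Zammad logs" steps above can be given concrete shape. The following Ruby script is an added example written for this page; it is not Zammad's own code and does not reflect how Zammad stores or renders this configuration. It assumes (a) that the enrichment settings arrive as a JSON document, (b) a deliberately broad, assumed list of template-directive markers (the page does not say which template engine is involved), (c) the `/api/v1/ai_agent/` path shown in this page's curl line, and (d) a handful of constructed access-log lines in Common Log Format. It flags values for review rather than deciding what is malicious.

```ruby
# Added example (not Zammad code): defense-in-depth screening of values destined for
# the AI Agent enrichment configuration, plus a screen over web-server access-log lines.
require 'json'
require 'cgi'

# Markers of common server-side template / code-interpolation syntaxes. The engine used
# by the Zammad AI Agent feature is NOT stated on the page, so this list is an assumption
# and is intentionally broad. Matches are review candidates, not proof of an attack.
TEMPLATE_MARKERS = [
  /<%/,     # ERB / EJS open tag
  /\{\{/,   # Liquid / Mustache / Jinja-style expression
  /\{%/,    # Liquid / Jinja-style tag
  /#\{/,    # Ruby string interpolation
  /\$\{/    # JS / Groovy / FreeMarker interpolation
].freeze

# True when a string contains any template directive marker.
def template_injection_suspect?(value)
  return false unless value.is_a?(String)
  TEMPLATE_MARKERS.any? { |re| value.match?(re) }
end

# Walk a parsed JSON structure and return dotted paths of every string that
# carries a marker, e.g. "nested.a.1" for the second element of array "a".
def flagged_paths(node, path = [])
  case node
  when Hash   then node.flat_map { |k, v| flagged_paths(v, path + [k.to_s]) }
  when Array  then node.each_with_index.flat_map { |v, i| flagged_paths(v, path + [i.to_s]) }
  when String then template_injection_suspect?(node) ? [path.join('.')] : []
  else []
  end
end

# Validate an enrichment-settings JSON document before it is accepted; the JSON shape
# is an assumption for this example. Returns the list of paths needing review.
def validate_enrichment_data(json_text)
  flagged_paths(JSON.parse(json_text))
end

# Assumption: the AI Agent endpoint path taken from this page's curl example.
AI_AGENT_PATH = %r{/api/v1/ai_agent/}.freeze

# Constructed sample access-log lines (Common Log Format); not real Zammad logs.
SAMPLE_LOG_LINES = [
  '10.0.0.5 - admin [08/Apr/2026:10:00:00 +0000] "GET /api/v1/tickets HTTP/1.1" 200 2048',
  '10.0.0.5 - admin [08/Apr/2026:10:00:05 +0000] "POST /api/v1/ai_agent/enrichment HTTP/1.1" 200 512',
  '10.0.0.7 - admin [08/Apr/2026:10:00:09 +0000] "GET /api/v1/ai_agent/enrichment?type_enrichment_data=%7B%7B%20x%20%7D%7D HTTP/1.1" 200 512'
].freeze

# Return only the lines that hit the AI Agent endpoint and, after URL-decoding,
# contain a template marker. POST bodies are not in CLF, so this only sees URLs.
def suspicious_log_lines(lines)
  lines.select do |line|
    next false unless line.match?(AI_AGENT_PATH)
    template_injection_suspect?(CGI.unescape(line))
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "Flagged config paths: #{validate_enrichment_data('{"summary":"Hi {{ x }}","tone":"polite"}').inspect}"
  suspicious_log_lines(SAMPLE_LOG_LINES).each { |l| puts "Review: #{l}" }
end
```

The marker list will also match legitimate placeholder syntax if the feature uses one, so treat a hit as a prompt for human review and an alert, not an automatic block; tune the list once the template engine in use is confirmed.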
Upgrade Zammad to 7.0.1 or later to mitigate the server-side template injection vulnerability via the AI Agent. Be sure to review and restrict access to the 'type_enrichment_data' configuration to prevent exploitation by attackers holding high privileges.
CVE-2026-34724 is a Remote Code Execution vulnerability in Zammad helpdesk systems, allowing attackers to potentially execute code via server-side template injection in the AI Agent feature.
You are affected if you are running Zammad versions 7.0.0 or earlier. Upgrade to 7.0.1 to mitigate the risk.
Upgrade Zammad to version 7.0.1 or later. Restrict access to the typeenrichmentdata configuration if immediate upgrade is not possible.
There are currently no confirmed reports of active exploitation, but the RCE nature warrants prompt remediation.
Refer to the official Zammad security advisory for detailed information and updates: [https://docs.zammad.com/en/latest/security/advisories/](https://docs.zammad.com/en/latest/security/advisories/)