CVE-2026-48246 — Open ISES Tickets before 3.44.2 disables TLS certificate
CVE-2026-48246 — Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation
What This Means For You
- If your environment is affected by CWE-295, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-48246 updates and patches.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-48246 | vulnerability | CVE-2026-48246 |
| CWE-295 | weakness | CWE-295 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 21, 2026 at 21:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-48247 — Open ISES Tickets before 3.44.2 disables TLS certificate
CVE-2026-48247 — Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound...
Open ISES Tickets CVE-2026-48242: Hardcoded MySQL Credentials Exposed
CVE-2026-48242 — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in...
CVE-2026-48241: Hardcoded MySQL Credentials in Open ISES Tickets Expose Data
CVE-2026-48241 — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository....