CVE-2026-48247 — Open ISES Tickets before 3.44.2 disables TLS certificate

/MEDIUM /CVSS 5.9/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycwe-295
CVE-2026-48247 — Open ISES Tickets before 3.44.2 disables TLS certificate

CVE-2026-48247 — Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared h

What This Means For You

  • If your environment is affected by CWE-295, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-48247 updates and patches.

Related ATT&CK Techniques

T1558.003 Steal or Forge Credentials Credential Access T1071.001 Web Protocols Command and Control T1190 Exploit Public-Facing Application Initial Access

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

CVE-2026-48247 - Open ISES Tickets TLS Certificate Verification Disabled

Sigma YAML — free preview 
title: CVE-2026-48247 - Open ISES Tickets TLS Certificate Verification Disabled
id: scw-2026-05-21-ai-1
status: experimental
level: high
description: |
  Detects the specific configuration change in Open ISES Tickets (CVE-2026-48247) where TLS certificate verification is disabled by setting CURLOPT_SSL_VERIFYPEER to false in incs/functions.inc.php. This allows attackers to perform man-in-the-middle attacks.
author: SCW Feed Engine (AI-generated)
date: 2026-05-21
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-48247/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      TargetFilename|contains:
          - 'incs/functions.inc.php'
      CommandLine|contains:
          - 'CURLOPT_SSL_VERIFYPEER, false'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-48247 vulnerability CVE-2026-48247
CWE-295 weakness CWE-295

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 21, 2026 at 21:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-48246 — Open ISES Tickets before 3.44.2 disables TLS certificate

CVE-2026-48246 — Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound...

vulnerabilityCVEmedium-severitycwe-295
/SCW Vulnerability Desk /MEDIUM /5.9 /⚑ 2 IOCs

Open ISES Tickets CVE-2026-48242: Hardcoded MySQL Credentials Exposed

CVE-2026-48242 — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in...

vulnerabilityCVEhigh-severitycwe-798
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-48241: Hardcoded MySQL Credentials in Open ISES Tickets Expose Data

CVE-2026-48241 — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository....

vulnerabilityCVEhigh-severitycwe-798
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 3 IOCs /⚙ 3 Sigma