CVE-2026-34724

Zammad has a server-side template injection leading to RCE via AI Agent

Description

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data (typically high-privilege administrative configuration). This vulnerability is fixed in 7.0.1.

INFO

Published Date :

2026-04-08T18:17:30.178Z

Last Modified :

2026-04-09T16:17:29.350Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-34724 vulnerability.

Vendors	Products
Zammad	Zammad

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34724.

URL	Resource
https://github.com/zammad/zammad/security/advisories/GHSA-fg9w-jg8f-4j94

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability