Description

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, he REST endpoint POST /api/v1/ai_assistance/text_tools/:id contains an authorization failure. Context data (e.g., a group or organization) supplied to be used in the AI prompt were not checked if they are accessible for the current user. This leads to having data present in the AI prompt that were not authorized before being used. A user needs to have ticket.agent permission to be able to use the provided context data. This vulnerability is fixed in 7.0.1.

INFO

Published Date :

2026-04-08T18:20:00.977Z

Last Modified :

2026-04-08T19:52:03.644Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34837 vulnerability.

Vendors Products
Zammad
  • Zammad
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34837.

URL Resource
https://github.com/zammad/zammad/security/advisories/GHSA-89vv-6639-wcv8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability