CVE-2026-14871

CVE-2026-14871CVE-2026-14871

Description

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization (BOLA) leading to Insecure Direct Object Reference (IDOR) in the AJAX ticket-management subsystem.

Scoring

Last modified2026-07-17
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.