CVE-2026-48242HIGH 8.1EPSS p21.1%

CVE-2026-48242CVE-2026-48242

Description

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.30% probability of exploitation · percentile 21.1% · 2026-06-19T12:03:05Z
Published2026-05-21
Last modified2026-05-21

Underlying weaknesses· 1

CWE-798

References

  1. https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff
  2. https://github.com/openises/tickets/releases/tag/v3.44.2
  3. https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-mysql-credentials-in-import-mdb-php

1

TypeTargetConfidenceTier
WeaknessUse of Hard-coded Credentialscwe-7980%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-48241
CVE
CVE-2026-48235
CVE
CVE-2026-3133
CVE
CVE-2026-29861
CVE
CVE-2026-49191
CVE
CVE-2026-22906
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.