What is GHSA-gfw4-qw54-w5p8?

GHSA-gfw4-qw54-w5p8 is a security advisory published by GitHub Security Advisories with Low severity. An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above)...

Which CVE IDs does GHSA-gfw4-qw54-w5p8 cover?

GHSA-gfw4-qw54-w5p8 covers the following CVE IDs: CVE-2026-48191. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-gfw4-qw54-w5p8?

GHSA-gfw4-qw54-w5p8 has a CVSS v3 base score of 3.5, published by GitHub Security Advisories.

GHSA-gfw4-qw54-w5p8LowCVSS 3.5

An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above)...

Vendor

GitHub Security Advisories

Published

June 1, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-48191 →

📋 Description

An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them.

This issue affects OTRS with STORM modules:

7.0.X
8.0.X
2023.X
2024.X
2025.X
2026.X before 2026.4.X

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-48191
https://otrs.com/release-notes/otrs-security-advisory-2026-05
https://github.com/advisories/GHSA-gfw4-qw54-w5p8