Donate Telegram

CVE-2026-26895

NONE

Apr 02, 2026

Updated Apr 02, 2026

PHP

Parameter	Value
Vendor	PHP
Public PoC	No

User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.

References 2

http://osticket.com

https://csacyber.com/blog/osticket-timing-vulnerability-understanding-the-risk

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33691

Coreruleset

CVE-2026-5344

PHP

CVE-2026-34974

PHP

CVE-2026-34973

PHP

CVE-2026-32629

PHP

CVE Details

CVE ID

CVE-2026-26895

Published Date

Apr 02, 2026

Vendor

PHP

Severity

NONE

Impact

Minimal impact

Source

Editor's Choice