Home / Vulnerability Intelligence / CVE-2026-34724

CVE-2026-34724 - Vulnerability Analysis

N/a

Last Updated: April 8, 2026

Zammad - Server-Side Template Injection

Published: April 8, 2026Updated: April 8, 2026PoC Available

Overview

Zammad < 7.0.1 contains a server-side template injection caused by improper handling of type_enrichment_data in AI Agent, letting attackers with high-privilege administrative access execute remote code.

Severity & Score

Severity: N/a

Impact

Attackers with high-privilege administrative access can execute arbitrary code remotely, potentially compromising the server.

Mitigation

Upgrade to version 7.0.1 or later.

References

https://github.com/zammad/zammad/security/advisories/GHSA-fg9w-jg8f-4j94

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34724
Severity: N/a
Type: template_injection
Status: unconfirmed

CWE

CWE-94

CVSS Metrics

N/A