CVE ID :CVE-2026-48248
Published : May 21, 2026, 6:16 p.m. | 59 minutes ago
Description :Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More