Description
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing general-purpose outbound HTTPS requests through the shared helper functions. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.
Published: 2026-05-21
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises because the Open ISES Tickets application disables TLS certificate verification when performing outbound HTTPS requests. The shared helper functions set CURLOPT_SSL_VERIFYPEER to false and omit CURLOPT_SSL_VERIFYHOST, so the client never checks that the server's certificate chains to a trusted CA or that its name matches the host; any certificate, including a self-signed one minted by an attacker, is accepted. As a result, an attacker who can interpose on traffic between the ticket server and an external HTTPS endpoint can terminate the TLS session with a forged certificate and intercept, monitor, or modify the transmitted data, including API keys or session information carried in headers or bodies. This weakness is classified as CWE-295 (Improper Certificate Validation).
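To make the defect concrete, here is an added example (not code from the Open ISES Tickets project): a cURL helper written in the weak shape the advisory attributes to incs/functions.inc.php, beside a hardened replacement. The function names, the $opts parameter and the CA bundle path are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example for this advisory; not code from the Open ISES Tickets project.
// Function names, the $opts parameter and the CA bundle path are assumptions.

/**
 * Weak helper in the shape the advisory describes: CURLOPT_SSL_VERIFYPEER is
 * false and CURLOPT_SSL_VERIFYHOST is never set. With chain verification off,
 * an on-path attacker's self-signed certificate is accepted, and a hostname
 * match alone cannot help because the attacker can put any name in it.
 */
function http_get_insecure(string $url, array $opts = []): string|false
{
    $ch = curl_init($url);
    curl_setopt_array($ch, $opts + [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => false,   // the defect: peer certificate not verified
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;                          // false on error, with no indication why
}

/**
 * Hardened replacement: verify the chain against an explicit CA bundle,
 * require the certificate name to match the host, refuse non-HTTPS targets
 * (also on redirect), and throw on failure instead of returning false.
 */
function http_get_secure(
    string $url,
    array $opts = [],
    string $caBundle = '/etc/ssl/certs/ca-certificates.crt' // assumed path; adjust per distribution
): string {
    if (strncasecmp($url, 'https://', 8) !== 0) {
        throw new InvalidArgumentException("refusing non-HTTPS URL: $url");
    }
    // Callers may tune timeouts or headers but must not be able to weaken TLS verification.
    unset(
        $opts[CURLOPT_SSL_VERIFYPEER], $opts[CURLOPT_SSL_VERIFYHOST], $opts[CURLOPT_CAINFO],
        $opts[CURLOPT_PROTOCOLS], $opts[CURLOPT_REDIR_PROTOCOLS]
    );

    $ch = curl_init($url);
    curl_setopt_array($ch, $opts + [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYPEER  => true,
        CURLOPT_SSL_VERIFYHOST  => 2,               // CN/SAN must match the host; 0 disables the check
        CURLOPT_CAINFO          => $caBundle,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS, // a redirect cannot downgrade to http://
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => 3,
        CURLOPT_CONNECTTIMEOUT  => 10,
        CURLOPT_TIMEOUT         => 30,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        // A forged or untrusted certificate surfaces here as CURLE_PEER_FAILED_VERIFICATION (60).
        $msg = sprintf('HTTPS request to %s failed (curl %d): %s', $url, curl_errno($ch), curl_error($ch));
        curl_close($ch);
        throw new RuntimeException($msg);
    }
    curl_close($ch);
    return $body;
}
```

On an installed copy, the quickest check is to grep incs/functions.inc.php for CURLOPT_SSL_VERIFYPEER and confirm it is set to true (or not set at all, since libcurl verifies by default). To confirm the fix behaves, point the helper at a host that presents an untrusted certificate (self-signed.badssl.com is a public one): the weak helper returns a body, the hardened one throws with curl error 60.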

Affected Systems

The affected software is Open ISES Tickets prior to version 3.44.2. Every installation that uses the default helper functions for outbound HTTPS communication is vulnerable, regardless of the underlying operating system.

Risk and Exploitability

The CVSS 4.0 score of 8.2 indicates high severity (the CVSS 3.1 score is 5.9, Medium). Both vectors rate attack complexity as high: exploitation requires that the attacker be positioned on the network path between the ticketing server and the remote HTTPS endpoint, or otherwise be able to redirect that connection to a host they control, so the attack is a network-level Man-in-the-Middle. No authentication or user interaction is needed. The EPSS score is unavailable and the vulnerability is not listed in CISA's KEV database. Note that the published vectors score only a loss of confidentiality (C:H / VC:H, integrity rated none), even though an attacker who terminates the TLS session can also alter requests and responses, as the description states.

Generated by OpenCVE AI on May 21, 2026 at 18:36 UTC.

Remediation

No vendor advisory or workaround is linked on this page; the description identifies 3.44.2 as the first unaffected version.

OpenCVE Recommended Actions

  • Upgrade Open ISES Tickets to version 3.44.2 or later, the first version the description identifies as unaffected, and confirm on the upgraded copy that the shared helper functions no longer set CURLOPT_SSL_VERIFYPEER to false.
  • Until the upgrade can be performed, restrict outbound HTTPS traffic from the ticketing server to only trusted endpoints or route traffic through a proxy that enforces certificate validation.
  • Deploy network‑level monitoring or intrusion detection to alert on unexpected TLS certificates or anomalies in HTTPS handshakes, allowing detection of potential MitM activity.



Advisories

No advisories yet.

History

Thu, 21 May 2026 19:30:00 +0000

Type: Metrics
Values removed: none
Values added: ssvc
  {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 21 May 2026 17:45:00 +0000

Values removed: none
Values added:
  Description: Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.
  Title: Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php
  Weaknesses: CWE-295
  References: (empty)
  Metrics: cvssV3_1
    {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  cvssV4_0
    {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}



MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-21T18:05:17.387Z

Reserved: 2026-05-21T13:15:18.102Z

Link: CVE-2026-48247

Vulnrichment

Updated: 2026-05-21T18:05:14.166Z

NVD

Status : Deferred

Published: 2026-05-21T18:16:21.910

Modified: 2026-05-21T19:10:12.323

Link: CVE-2026-48247

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T18:45:17Z

Weaknesses