Description
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests during the login/authentication flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.
Published: 2026-05-21
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open ISES Tickets before version 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting the PHP cURL option CURLOPT_SSL_VERIFYPEER to false and not setting CURLOPT_SSL_VERIFYHOST when issuing outbound HTTPS requests during authentication. This flaw lets an attacker positioned on the network path between the Ticket server and the remote endpoint present a forged certificate, intercepting, monitoring, or modifying the traffic, including API keys or session-bearing data. The vulnerability compromises confidentiality and integrity of authentication data and can lead to credential theft or session hijacking. The weakness is a certificate validation failure (CWE-295).

Affected Systems

The affected product is Open ISES Tickets. All releases prior to 3.44.2 are impacted. The latest release no longer disables certificate verification. Users of older versions should verify their production environment is running 3.44.2 or later.

Risk and Exploitability

The CVSS score of 8.2 classifies the issue as High severity. The EPSS score of 0.00028 (under 1%) indicates a very low probability of exploitation in the wild, but the vulnerability is still technically exploitable by any attacker who can sit on the network path between the Ticket server and the remote authentication endpoint. No user interaction or authentication beyond the normal login flow is required, allowing remote exploitation through a man-in-the-middle attack. The combination of a high severity rating, network-level attack vector, and the ability to capture credentials or session data results in a significant risk for exposed environments, even though the EPSS suggests low exploitation likelihood.

Generated by OpenCVE AI on May 26, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open ISES Tickets to version 3.44.2 or newer, which restores proper TLS certificate verification.
  • If upgrading is not feasible, patch the incs/login.inc.php file to set CURLOPT_SSL_VERIFYPEER to true and enable CURLOPT_SSL_VERIFYHOST, ensuring that the application validates remote certificates during authentication calls.
  • Restrict outbound network traffic from the Ticket server to the trusted authentication endpoint using firewall rules or VPNs to mitigate the risk of a man-in-the-middle attacker.
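The second action above, as an added PHP example that is not code from the Open ISES Tickets project: a hardened outbound request with the two cURL options the advisory names set explicitly, plus a guard that rejects an option set which would disable verification. The endpoint URL, the payload and the helper names are assumptions.

```php
<?php
// Added example, not code from Open ISES Tickets. The URL, payload and helper
// names are hypothetical; only the cURL option names come from the advisory.
// The weak configuration the advisory describes, for comparison only:
//   CURLOPT_SSL_VERIFYPEER => false   (chain validation off; VERIFYHOST left unset)
// With it, any certificate presented on the network path is accepted.

// Hardened option set: the peer certificate must chain to a trusted CA
// (VERIFYPEER) and its name must match the host in the URL (VERIFYHOST = 2).
function secureCurlOptions(): array
{
    return [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        // Optional: CURLOPT_CAINFO => '/path/to/ca-bundle.crt' to name the trust store explicitly.
        CURLOPT_TIMEOUT => 10,
    ];
}

// Guard for code review or a unit test: false if an option set would disable
// verification. Unset options fall back to libcurl's defaults (on, and 2).
function tlsVerificationEnabled(array $opts): bool
{
    $peer = (bool)($opts[CURLOPT_SSL_VERIFYPEER] ?? true);
    $host = (int)($opts[CURLOPT_SSL_VERIFYHOST] ?? 2);
    return $peer && $host === 2;
}

function postAuthRequest(string $url, array $payload): string
{
    $opts = secureCurlOptions();
    if (!tlsVerificationEnabled($opts)) {
        throw new RuntimeException('Refusing outbound request without TLS verification');
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, $opts + [
        CURLOPT_POST       => true,
        CURLOPT_POSTFIELDS => http_build_query($payload),
    ]);
    $body = curl_exec($ch);
    $err  = curl_error($ch);
    curl_close($ch);
    if ($body === false) {
        // A forged certificate now fails the handshake here instead of being accepted.
        throw new RuntimeException('Authentication request failed: ' . $err);
    }
    return $body;
}
```

Running `tlsVerificationEnabled([CURLOPT_SSL_VERIFYPEER => false])` returns false, which is the pre-3.44.2 configuration the advisory describes.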

Advisories

No advisories yet.

History

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.
Values Added: Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.

Sat, 23 May 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared
Values Added: Openises; Openises tickets
Vendors & Products
Values Added: Openises; Openises tickets

Thu, 21 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.
Title Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T11:52:19.774Z

Reserved: 2026-05-21T13:15:18.102Z

Link: CVE-2026-48248

Vulnrichment

Updated: 2026-05-23T02:25:30.756Z

NVD

Status: Deferred

Published: 2026-05-21T18:16:22.037

Modified: 2026-05-26T14:16:39.250

Link: CVE-2026-48248

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T16:00:11Z

Weaknesses