Description
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) on the outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.
Published: 2026-05-21
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open ISES Tickets before version 3.44.2 disables TLS certificate verification in the login flow by setting the PHP cURL option to accept any certificate. This flaw allows a network attacker to present a forged HTTPS certificate and intercept, monitor, or alter data sent to or received from the remote endpoint, including API keys or credential information. The vulnerability compromises the confidentiality and integrity of authentication traffic and may lead to credential theft or session hijacking. The weakness is a classic certificate validation failure (CWE-295).

Affected Systems

The affected product is Open ISES Tickets. All releases prior to 3.44.2 are impacted. The latest release no longer disables certificate verification. Users of older versions should verify their production environment is running 3.44.2 or later.

Risk and Exploitability

The CVSS score of 8.2 classifies the issue as High severity. No EPSS score is available and the CVE is not listed in KEV, but that does not reduce the risk: the vulnerability is exploitable by any attacker who can sit on the network path between the Tickets server and the remote endpoint used for authentication. No user interaction or authentication is required beyond the normal login flow, so remote exploitation is straightforward. The combination of a high severity rating, a network-level attack vector, and the ability to capture credentials implies elevated risk for exposed environments.

Generated by OpenCVE AI on May 21, 2026 at 18:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open ISES Tickets to version 3.44.2 or newer, which restores proper TLS certificate verification.
  • If upgrading is not feasible, patch the incs/login.inc.php file to set CURLOPT_SSL_VERIFYPEER to true and enable CURLOPT_SSL_VERIFYHOST, ensuring that the application validates remote certificates during authentication calls.
  • Restrict outbound network traffic from the Tickets server to the trusted authentication endpoint using firewall rules or VPNs to reduce the exposure to a man-in-the-middle attacker.
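As an added example, not code from Open ISES Tickets itself, the helper below shows the corrected cURL configuration that the patch step above calls for: CURLOPT_SSL_VERIFYPEER enabled, CURLOPT_SSL_VERIFYHOST set to 2, and verification failures treated as hard errors. Function, parameter and variable names are hypothetical.

```php
<?php
// Added example (not the project's own code): a hardened replacement for an
// outbound HTTPS call in a login flow. Names are hypothetical.

/**
 * POST $fields to $url over HTTPS with full certificate verification.
 * Returns the response body; throws on any transport or TLS failure.
 */
function secure_https_post(string $url, array $fields, ?string $caBundle = null): string
{
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }

    curl_setopt_array($ch, [
        CURLOPT_POST            => true,
        CURLOPT_POSTFIELDS      => http_build_query($fields),
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_TIMEOUT         => 15,
        // Only speak HTTPS, including after redirects, so a downgrade to
        // plain HTTP is refused rather than silently followed.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
        // The two options the advisory is about. The vulnerable code set
        // VERIFYPEER to false and left VERIFYHOST unset.
        CURLOPT_SSL_VERIFYPEER  => true, // validate the chain against a trusted CA store
        CURLOPT_SSL_VERIFYHOST  => 2,    // hostname must match the cert; 2 is the only valid value
    ]);

    // Optional: pin verification to an explicit CA bundle instead of the
    // system trust store (e.g. when the endpoint uses a private CA).
    if ($caBundle !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle);
    }

    $body  = curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);
    curl_close($ch);

    if ($body === false) {
        // A certificate that does not validate surfaces here (for example
        // CURLE_SSL_CACERT). Fail the login; never "fix" this by disabling
        // verification again.
        throw new RuntimeException("HTTPS request failed (curl $errno): $error");
    }
    return $body;
}
```

To audit an installed copy, search incs/login.inc.php for CURLOPT_SSL_VERIFYPEER being set to false or 0 and for a missing CURLOPT_SSL_VERIFYHOST.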

Advisories

No advisories yet.

History

Thu, 21 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.
Title Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-21T17:11:17.519Z

Reserved: 2026-05-21T13:15:18.102Z

Link: CVE-2026-48248

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-21T18:16:22.037

Modified: 2026-05-21T19:10:12.323

Link: CVE-2026-48248

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T18:45:17Z

Weaknesses