Zammad Security Vulnerabilities (CVEs)
Track 16 security vulnerabilities affecting Zammad products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
- This vulnerability allows authenticated admin users in Zammad to perform Server-Side Request Forgery (SSRF) attacks. When webhooks return redirect res... (Apr 5, 2025)
- This vulnerability in Zammad allows logged-in customers to view and manipulate shared article drafts intended only for agents. Customers can access co... (Apr 5, 2025)
- This vulnerability in Zammad allows users with customer-level access to view time accounting details for tickets via the API, which should be restrict... (Apr 26, 2024)
- This vulnerability in Zammad allows attackers to brute-force guessable FormIDs used in the upload cache, enabling them to inject malicious content int... (Apr 26, 2024)
- This vulnerability in Zammad allows attackers to send excessive email verification requests to known addresses, causing denial of service through emai... (Dec 10, 2023)
- This critical vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges by sending a specially crafted message ... (Feb 3, 2023)
- CVE-2022-27332 is an authentication bypass vulnerability in Zammad v5.0.3 that allows unauthenticated attackers to write entries to the CTI caller log... (Apr 27, 2022)
- CVE-2022-29700 is a vulnerability in Zammad v5.1.0 where lack of password length restriction allows attackers to create extremely long passwords, caus... (Apr 27, 2022)
- Zammad 5.0.1 with certain LDAP configurations allows unauthorized access using existing user accounts. This authentication bypass vulnerability affect... (Feb 4, 2022)
- This vulnerability allows authenticated Agent accounts in Zammad to escalate privileges to Administrator level by modifying account data through craft... (Oct 7, 2021)
- This vulnerability in Zammad's REST API allows unauthorized disclosure of sensitive information. Attackers can access confidential data through API en... (Oct 7, 2021)
- CVE-2021-42090 is a remote code execution vulnerability in Zammad's Form functionality due to unsafe deserialization. Attackers can execute arbitrary ... (Oct 7, 2021)
- This vulnerability allows authenticated administrators in Zammad to execute arbitrary code on the server by manipulating trigger functionality. It aff... (Oct 7, 2021)
- CVE-2021-42094 is a command injection vulnerability in Zammad that allows attackers to execute arbitrary commands on the server via custom Packages. T... (Oct 7, 2021)
- This vulnerability in Zammad allows attackers to probe email connection configurations and obtain sensitive information like email server credentials.... (Jun 28, 2021)
- This vulnerability allows attackers to bypass authentication in Zammad's SSO endpoint by sending a crafted header when SSO is not configured. Attacker... (Dec 28, 2020)

Why Monitor Zammad Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 16+ known vulnerabilities affecting Zammad products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Zammad packages in under 60 seconds. No agents required - completely agentless scanning that works across Zammad deployments.
Free vulnerability database: Access detailed information about every Zammad CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.