moltenbit

New blog post: I found two authorization bypasses in Zammad's new AI text tools feature, two weeks after 7.0 shipped. Any agent could execute group-restricted tools and pull ticket data from other groups via a single API call.

Patched in 7.0.1, three CVEs from this audit.

https://moltenbit.net/posts/bypassing-zammad-ai-text-tool-authorization-via-rest-api/

#infosec #zammad #cybersecurity #responsibleDisclosure #security

Bypassing Zammad's AI text tool authorization via REST API (CVE-2026-34782 / CVE-2026-34837)

How missing authorization checks in Zammad's REST API let agents execute group-restricted AI text tools and inject unauthorized ticket context into AI prompts.

moltenbit
Apr 8 at 2:38pmWeb