CVE-2026-6060 MEDIUM

CVE-2026-6060: Possible DoS via SQL Box

Vendor Otrs Ag
Product OTRS
Weakness CWE-400
Published April 20, 2026
Last update April 20, 2026

CVSS base score

4.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS:  * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.3.X

Key dates

02Disclosure timeline

April 20, 2026 CVE published
April 20, 2026 Record updated

Related vulnerabilities

04Related CVE