CVE-2026-34724: Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vul
high · vulnerability
security
Summary
Zammad, a web-based customer support system, had a server-side template injection vulnerability (a flaw where attackers can inject malicious code into templates that the server processes) in versions before 7.0.1 that could lead to RCE (remote code execution, where an attacker can run commands on a system they don't own). The vulnerability only affects systems where an attacker has administrative access to control the type_enrichment_data configuration setting.
Solution / Mitigation
This vulnerability is fixed in version 7.0.1. Users should upgrade to Zammad 7.0.1 or later.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
April 8, 2026
Classification
Attack Sophistication
Moderate
Impact (CIA+S)
integrity, availability
AI Component Targeted
Agent
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-34724
First tracked: April 8, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 85%