April 8 2026 – CVE-2026-34837 discovered in the open-source helpdesk system Zammad.

The vulnerability was identified on April 8 2026 at 7:25 p.m. (source: https://cvefeed.io/vuln/detail/CVE-2026-34837).

What We Know

  • The CVE ID is CVE-2026-34837.
  • Prior to version 7.0.1, Zammad’s REST endpoint POST /api/v1/ai_assistance/text_tools/:id fails to enforce authorization on context data supplied for AI prompts.
  • Context data (such as a group or organization) is inserted into the AI prompt without checking if it is accessible to the current user.
  • Using the endpoint requires the ticket.agent permission; a user who holds it can pass context data they are not otherwise authorized to view, and that information may then appear in AI-generated responses.
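
The pattern behind the issue, as an added example that is not Zammad's own code: the permission gate on the endpoint is checked, but the group or organization named in the request is pasted into the prompt without asking whether the calling user may read that record. The hardened version resolves each referenced record through a per-user access check. All names (User, Group, Organization, the build_* helpers) and the access rules are hypothetical, and the sample records are constructed.

```ruby
# Added example, not Zammad's code: a minimal model of the authorization gap.
# All names (User, Group, Organization, the build_* helpers) are hypothetical.
User         = Struct.new(:id, :permissions, :group_ids, :organization_id)
Group        = Struct.new(:id, :name, :note)
Organization = Struct.new(:id, :name, :note)

# Constructed sample records: the agent may read group 1 and organization 10.
GROUPS = { 1 => Group.new(1, "Sales", "Discount cap is 15%"),
           2 => Group.new(2, "Legal", "Pending lawsuit with ACME Corp") }
ORGS   = { 10 => Organization.new(10, "ACME Corp", "Credit hold since March"),
           11 => Organization.new(11, "Globex", "Merger talks under NDA") }
AGENT  = User.new(42, ["ticket.agent"], [1], 10)

# Turns the resolved records into the context text handed to the AI prompt.
def render(group, org)
  [group && "Group #{group.name}: #{group.note}",
   org   && "Organization #{org.name}: #{org.note}"].compact.join("\n")
end

# Vulnerable pattern: the permission gate is checked, but the ids supplied by
# the request are resolved and pasted into the prompt with no per-record check.
def build_prompt_context_vulnerable(user, params)
  raise "forbidden" unless user.permissions.include?("ticket.agent")
  render(GROUPS[params[:group_id]], ORGS[params[:organization_id]])
end

# Hardened pattern: a record reaches the prompt only if this user may read it.
# Inaccessible and non-existent ids fail the same way, so the endpoint cannot be
# used to probe for record ids. Hypothetical access rules: a user reads the
# groups they belong to and their own organization.
def readable_group(user, id)
  group = GROUPS[id]
  raise "forbidden" unless group && user.group_ids.include?(group.id)
  group
end

def readable_org(user, id)
  org = ORGS[id]
  raise "forbidden" unless org && user.organization_id == org.id
  org
end

def build_prompt_context(user, params)
  raise "forbidden" unless user.permissions.include?("ticket.agent")
  group = params.key?(:group_id)        ? readable_group(user, params[:group_id]) : nil
  org   = params.key?(:organization_id) ? readable_org(user, params[:organization_id]) : nil
  render(group, org)
end
```

In a real deployment the same check belongs wherever prompt context is assembled, not only on the HTTP route, since the data leaves the system through the model's output rather than through the API response.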

Business Impact

Support agents often use AI tools to draft customer replies quickly. If a ticket agent accidentally uses data from an unrelated group or organization that they’re not authorized to view, the AI output can leak confidential customer or business information. This could:

  • Expose sensitive data to customers or competitors, undermining trust and brand reputation.
  • Trigger regulatory violations (e.g., GDPR, HIPAA) if the leaked data is personal or protected.
  • Result in financial loss from fines, litigation, or customer churn.

What To Do

  1. Upgrade immediately: Deploy Zammad version 7.0.1 (or later) where the issue is fixed.
  2. Verify permissions: Ensure that only users with ticket.agent rights can access AI context data.
  3. Audit logs: Monitor API calls to detect any unauthorized usage before patching.
  4. Disable AI features temporarily if a patch isn’t available or upgrade cannot be performed immediately; use manual responses until the fix is in place.

These actions are urgent, with a 1-to-2-week timeline for upgrading and verification.

The Bigger Picture

Open-source helpdesk systems like Zammad are increasingly popular, but they require vigilant security oversight. This incident highlights that even seemingly benign AI integrations can expose critical data if permissions aren’t rigorously enforced.

How We Can Help

DefendMyBusiness partners with over 400 technology providers to guide organizations in selecting and configuring secure solutions. For a quick assessment of your current environment, use our free security scan tool or contact us at https://defendmybusiness.com/contact.

Sources
https://cvefeed.io/vuln/detail/CVE-2026-34837