CVE-2026-48245

Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in tables.php

CVSS 6.9 MEDIUMEPSS 0.2%CWE-798

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.9EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

21 mai 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud project.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Open ISES · Tickets

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff https://github.com/openises/tickets/releases/tag/v3.44.2 https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-google-maps-api-key-in-tables-php