CVE-2026-22200

Severity: HIGH
CVSS v3 base score: 7.5 (HIGH)
EPSS score: 75.4% (exploit probability)
CISA KEV (known exploited): No
SSVC status: Exploitation

Description

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the serve

Technical Details

CVSS v3 Vector: 3.1
Published: 1/12/2026
Last Modified: 1/27/2026

Frequently Asked Questions

Is CVE-2026-22200 actively exploited?

Active exploitation of CVE-2026-22200 has not been confirmed. The EPSS score is 75.4%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2026-22200?

CVE-2026-22200 has a CVSS v3.1 base score of 7.5 (HIGH severity).
