A vulnerability, which was classified as problematic , has been found in openises tickets up to 3.44.1 . The affected element is an unknown function of the file add_note.php of the component URL Handler . Performing a manipulation of the argument ticket_id results in cross site scripting. This vulnerability was named CVE-2026-35009 . The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.