A vulnerability described as critical has been identified in openises Tickets up to 3.44.1 . This affects an unknown part of the file message.php . Such manipulation of the argument frm_ticket_id/frm_resp_id leads to sql injection. This vulnerability is listed as CVE-2026-48237 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.