A vulnerability identified as critical has been detected in openises Tickets up to 3.44.1 . Affected is an unknown function of the file ajax/sit_incidents.php of the component SELECT Statement Handler . The manipulation of the argument offset leads to sql injection. This vulnerability is referenced as CVE-2026-48233 . Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.