A vulnerability was found in OTRS Community Edition up to 2026.3.x . It has been classified as critical . Impacted is an unknown function of the component ConfigItem List Module . This manipulation causes incorrect default permissions. This vulnerability appears as CVE-2026-48190 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.