LOW
osTicket
CVE published 2026-05-09
CVE-2026-8194
CVE-2026-8194 is a low-severity cross-site request forgery issue reported in osTicket versions up to 1.18.3. The source record says the problem is in include/class.dispatcher.php within the Dispatcher component and can be triggered by manipulating the _method argument. The same source also notes that the issue was publicly disclosed and that the project was notified early via a pull request, but had not r [truncated]