CVE-2026-48244: Use of Hard-coded Credentials in Open ISES Tickets
Open ISES Tickets versions before 3.44.2 contain a hardcoded Google Maps API key embedded in the settings.inc.php file, which is publicly accessible in the source repository. This key can be extracted by anyone with read access to the source code and used to make Google Maps Platform requests billed to the original owner's Google Cloud project. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level. The product is a cloud service, and a patch is available to address this issue.
AI Analysis
Technical Summary
CVE-2026-48244 describes a vulnerability in Open ISES Tickets prior to version 3.44.2 where a hardcoded Google Maps API key is embedded in a publicly accessible source file (settings.inc.php). This exposure allows unauthorized users with read access to the source code to extract the API key and make requests to the Google Maps Platform, potentially incurring costs billed to the legitimate owner's Google Cloud account. The vulnerability affects the cloud-hosted service and has a CVSS 4.0 score of 6.9, reflecting a medium severity. A patch is available to remediate this issue.
Potential Impact
Unauthorized parties can extract the hardcoded Google Maps API key from the public source repository and use it to make Google Maps Platform requests. This can lead to unexpected charges billed to the original owner's Google Cloud project. There is no indication of direct compromise of the Open ISES Tickets system or user data, but the financial impact on the cloud project owner is the primary concern.
Mitigation Recommendations
A patch is available to remove the hardcoded API key from the source code and prevent unauthorized use. Since Open ISES Tickets is a cloud service, the vendor manages remediation for this issue. Users should upgrade to version 3.44.2 or later as soon as possible to mitigate the risk. Review the vendor advisory for confirmation and further guidance.
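A repository check for this class of issue, as an added example (not code from Open ISES Tickets or its patch): it flags string literals shaped like Google API keys, which secret scanners commonly match as `AIza` followed by 35 URL-safe characters. The sample file contents, the `gmaps_api_key` setting name and the `GMAPS_API_KEY` environment variable are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Shape commonly used to recognise Google API keys: "AIza" + 35 URL-safe chars.
# The lookarounds reject longer tokens that merely contain a key-shaped run.
GOOGLE_KEY_RE = re.compile(r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])")

def redact(key):
    """Keep just enough of the key to find it in the cloud console."""
    return key[:8] + "..." + key[-4:]

def scan_text(path, text):
    """Return (path, line_number, redacted_key) for each key-shaped literal."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_KEY_RE.finditer(line):
            findings.append((path, line_no, redact(match.group(0))))
    return findings

def scan_tree(files):
    """Scan a {path: contents} mapping in a stable order."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings

def scan_dir(root, suffixes=(".php", ".inc", ".js", ".html")):
    """Scan source files under root; unreadable bytes are replaced, not fatal."""
    files = {str(p): p.read_text(errors="replace")
             for p in Path(root).rglob("*")
             if p.is_file() and p.suffix in suffixes}
    return scan_tree(files)

# Constructed sample data: a fake key and two hypothetical versions of the file.
FAKE_KEY = "AIza" + "EXAMPLE0" * 4 + "abc"
SAMPLE_FILES = {
    "settings.inc.php":
        "<?php\n$settings['gmaps_api_key'] = '" + FAKE_KEY + "';\n",
    "settings.fixed.inc.php":
        "<?php\n$settings['gmaps_api_key'] = getenv('GMAPS_API_KEY');\n",
}

if __name__ == "__main__":
    # With a path argument, scan that tree; otherwise scan the constructed sample.
    results = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else scan_tree(SAMPLE_FILES)
    for path, line_no, key in results:
        print(f"{path}:{line_no}: Google API key literal {key}")
    sys.exit(1 if results else 0)
```

The non-zero exit status lets the check gate a commit or CI job. A key that was ever committed remains in repository history after it is deleted from the file, so a finding there also calls for rotating or restricting the key in the owning Google Cloud project.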
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-05-21T13:15:18.102Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
- Is Cloud Service: true
Threat ID: 6a0f4498e1370fbb483a589e
Added to database: 5/21/2026, 5:44:56 PM
Last enriched: 5/21/2026, 6:00:37 PM
Last updated: 5/21/2026, 6:55:31 PM