CVE-2026-48245: Use of Hard-coded Credentials in Open ISES Tickets
Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud project.
AI Analysis
Technical Summary
CVE-2026-48245 describes a vulnerability in Open ISES Tickets prior to version 3.44.2 where a hardcoded Google Maps API key is embedded in the publicly accessible source code file tables.php. This exposure allows anyone with read access to the source repository to extract the API key and use it to make requests against the Google Maps Platform, potentially incurring costs charged to the legitimate owner's Google Cloud account. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity. The product is cloud-hosted, and a patch is available to remediate the issue.
Potential Impact
Unauthorized users can extract the hardcoded Google Maps API key and use it to make Google Maps Platform requests that are billed to the legitimate owner's Google Cloud project. This can lead to unexpected charges and potential abuse of the API key. There is no indication of direct compromise of the Open ISES Tickets system or data beyond billing impact.
Mitigation Recommendations
A patch is available to remove the hardcoded API key from the source code. Since Open ISES Tickets is a cloud service, the vendor manages remediation for this issue. Users should update to version 3.44.2 or later as soon as possible to eliminate the exposure of the hardcoded API key. Review Google Cloud project usage and rotate or restrict the exposed API key to prevent further unauthorized use.
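To confirm that a checkout no longer carries the key after updating, the source tree can be scanned for strings with the well-known Google API key shape (`AIza` followed by 35 URL-safe characters). The following is an added example, not code from Open ISES Tickets or from this advisory; the PHP variable names, the environment variable and the key in the sample are constructed placeholders.

```python
import re
from pathlib import Path

# Well-known shape of Google API keys: "AIza" + 35 URL-safe characters.
# The lookahead stops a longer token from being reported as a key.
GOOGLE_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])")
# A key counts as hard-coded when it sits inside a quoted string literal.
QUOTED_RE = re.compile(r"""(['"])(AIza[0-9A-Za-z_\-]{35})\1""")

def redact(key):
    """Keep just enough of the key to match it against the Cloud console."""
    return key[:8] + "..." + key[-4:]

def scan_text(text, name="<memory>"):
    """Return (file, line_no, redacted_key, hard_coded) per key-shaped token."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        quoted = {m.group(2) for m in QUOTED_RE.finditer(line)}
        for m in GOOGLE_KEY_RE.finditer(line):
            findings.append((name, no, redact(m.group()), m.group() in quoted))
    return findings

def scan_tree(root, suffixes=(".php", ".inc", ".sql", ".js")):
    """Walk a checkout and scan every source file with one of the suffixes."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample: not the real tables.php and not a real key.
FAKE_KEY = "AIza" + "X" * 35
SAMPLE = "\n".join([
    "<?php",
    "$settings['gmaps_api_key'] = '" + FAKE_KEY + "';  // hard-coded: flagged",
    "$settings['gmaps_api_key'] = getenv('GMAPS_API_KEY');  // environment: clean",
    "// short token AIzaTooShort is ignored",
])

if __name__ == "__main__":
    for finding in scan_text(SAMPLE, "sample.php"):
        print(finding)
```

Findings are redacted so the scanner's own output does not become a second copy of the credential. A clean scan of the current tree does not clear the git history, so the exposed key still has to be rotated or restricted as described above.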
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-05-21T13:15:18.102Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
- Is Cloud Service: true
Threat ID: 6a0f4498e1370fbb483a58a3
Added to database: 5/21/2026, 5:44:56 PM
Last enriched: 5/21/2026, 6:00:31 PM
Last updated: 5/21/2026, 6:52:22 PM