← Back to home
ICSA-26-085-02  ·  Published 2026-03-26  ·  View on CISA ICS-CERT ↗

OpenCode Systems OC Messaging and USSD Gateway

CVSS 8.1 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter.

CVEs (1)

Remediations

  • The vulnerability was identified by OpenCode Systems on January 5, 2026 and remediated on January 6, 2026 with the release of version 6.33.11.
  • For more information, contact OpenCode: https://opencode.com/about/contact-us

Affected Vendors

OpenCode Systems

Affected Products (2)

OpenCode Systems · OC Messaging 6.32.2
OpenCode Systems · USSD Gateway 6.32.2

Affected Sectors

Communications

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more