#!/usr/bin/env python3
"""
Safe CVE-2026-34724 Checker for Zammad
- Only checks version (no RCE attempt)
- Works without login
"""
import requests
import sys
import argparse
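# Silence only the InsecureRequestWarning raised for the verify=False request
# in check_zammad; every other urllib3 warning stays visible to the operator.
requests.packages.urllib3.disable_warnings(
    requests.packages.urllib3.exceptions.InsecureRequestWarning
)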
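def _zammad_version_tuple(version):
    """Return the first three dot-separated parts of *version* as ints.

    Returns None when *version* is not a string, has fewer than three
    parts, or one of the first three parts is not an integer.
    """
    if not isinstance(version, str):
        return None
    pieces = version.strip().split(".")
    if len(pieces) < 3:
        return None
    try:
        return tuple(int(piece) for piece in pieces[:3])
    except ValueError:
        return None


def _zammad_verdict(version):
    """Map a reported Zammad version string to the verdict line to print.

    The fixed releases (7.0.1 and 6.5.4) are the ones named in this
    script's own "Official Fix" message.
    """
    numbers = _zammad_version_tuple(version)
    if numbers is None:
        # Never guess from a string we could not parse: a wrong "SAFE" is
        # the costly mistake for a patch-level check.
        return "⚠️ Could not parse version string. Manually check against 7.0.1 / 6.5.4"

    major, minor = numbers[0], numbers[1]
    if major == 7 and minor == 0:
        if numbers >= (7, 0, 1):
            return "✅ SAFE - Patched (7.0.1 or newer)"
        return "❌ VULNERABLE - 7.0.0 (upgrade to 7.0.1 required)"
    if major == 6:
        # 6.5.4 is the fixed release on the 6.x branch, so it and anything
        # newer on that branch must not be reported as vulnerable.
        if numbers >= (6, 5, 4):
            return "✅ SAFE - Patched (6.5.4 or newer on the 6.x branch)"
        return "❌ VULNERABLE - 6.x branch (upgrade to 6.5.4 or 7.0.1 recommended)"
    if major == 7:
        return "✅ SAFE - 7.x branch (assuming >= 7.0.1)"
    return "⚠️ Unknown version branch. Manually check against 7.0.1 / 6.5.4"


def check_zammad(url):
    """Report whether a Zammad instance runs a release fixed for CVE-2026-34724.

    Sends one GET request to ``<url>/api/v1/version`` and prints a verdict
    based only on the version string in the JSON reply; nothing else is
    sent to the target.

    Args:
        url: Base URL of the Zammad instance; a trailing slash is ignored.

    Returns:
        None. All results are printed to stdout.

    Note:
        The verdict is inferred from the reported version alone. It does not
        confirm that the fix is effective on a patched or backported build.
    """
    base_url = url.rstrip("/")
    version_url = f"{base_url}/api/v1/version"
    print(f"[*] Checking Zammad version at: {base_url}")
    print("[*] This is a SAFE check — no payload is sent.\n")

    try:
        # NOTE(review): certificate verification is off, so the reply is not
        # authenticated. Over an untrusted network an on-path party could
        # forge the version, so a SAFE verdict should be confirmed on the
        # host itself.
        r = requests.get(version_url, verify=False, timeout=10)
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
        return

    if r.status_code != 200:
        print(f"[-] Failed to fetch version. Status: {r.status_code}")
        print(" Tip: Make sure the target is a Zammad instance and /api/v1/version is accessible.")
        return

    try:
        data = r.json()
    except ValueError:
        # A 200 reply that is not JSON (for example an HTML login or proxy
        # page) is reported as unparsable instead of raising.
        data = None

    version = data.get("version", "Unknown") if isinstance(data, dict) else "Unknown"
    print(f"[+] Zammad Version Detected: {version}")
    if version == "Unknown":
        print("[-] Could not parse version.")
        return

    print(_zammad_verdict(version))
    print("\nOfficial Fix: Upgrade to Zammad 7.0.1 or 6.5.4")
    print("Reference: https://github.com/zammad/zammad/security/advisories/GHSA-fg9w-jg8f-4j94")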
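if __name__ == "__main__":
    # Command-line entry point: one required base URL, then a single
    # version lookup against it.
    parser = argparse.ArgumentParser(description="Safe CVE-2026-34724 Version Checker")
    parser.add_argument(
        "-u",
        "--url",
        required=True,
        # The example uses a reserved example domain so the help text does
        # not point at any real host.
        help="Target URL (e.g. https://zammad.example.com)",
    )
    args = parser.parse_args()
    check_zammad(args.url)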