Bypassing Zammad's AI text tool authorization via REST API (CVE-2026-34782 / CVE-2026-34837)
How missing authorization checks in Zammad's REST API let agents execute group-restricted AI text tools and inject unauthorized ticket context into AI prompts.