{"id":"USN-8506-1","summary":"request-tracker5 vulnerabilities","details":"Aleksander Iwicki discovered that Request Tracker did not properly sanitize\nthe search \"Page\" URL parameter. A remote attacker could possibly use this\nissue to conduct a reflected cross-site scripting attack. (CVE-2026-6841)\n\nIt was discovered that Request Tracker did not properly sanitize user-\ncontrolled data written to spreadsheet exports of search results. A remote\nattacker could possibly use this issue to conduct a spreadsheet\n(CSV/formula) injection attack, causing spreadsheet applications to\ninterpret crafted values as formulas or macros when the file is opened.\n(CVE-2026-41073)\n\nIt was discovered that Request Tracker did not properly validate input\nincorporated into database queries via the entry_aggregator parameter in\nJSON search. An authenticated user could possibly use this issue to perform\nSQL injection attacks and read or modify data in the RT database.\n(CVE-2026-41075)\n\nIt was discovered that Request Tracker contained an authentication bypass\nwhen configured to authenticate users against an LDAP or Active Directory\nserver. Under certain LDAP server configurations, a remote attacker could\npossibly use this issue to authenticate as any LDAP-backed RT user without\nsupplying valid credentials. (CVE-2026-41076)\n\nIt was discovered that Request Tracker served certain uploaded content\ninline rather than as an attachment. A remote attacker could possibly use\nthis issue to conduct a cross-site scripting attack. (CVE-2026-44229)\n\nIt was discovered that Request Tracker did not properly sanitize input on\nsearch-results chart pages. A remote attacker could possibly use this issue\nto conduct a reflected cross-site scripting attack. (CVE-2026-44230)\n\nJeroen Gui discovered that Request Tracker did not properly restrict access\nto the REST 2.0 user collection endpoint. A privileged user could possibly\nuse this issue to obtain authentication credentials belonging to other\nusers, including administrators, resulting in privilege escalation and\ninformation disclosure. (CVE-2026-44231)","modified":"2026-07-06T20:44:28.553899376Z","published":"2026-07-06T11:15:39Z","related":["UBUNTU-CVE-2026-41073","UBUNTU-CVE-2026-41075","UBUNTU-CVE-2026-41076","UBUNTU-CVE-2026-44229","UBUNTU-CVE-2026-44230","UBUNTU-CVE-2026-44231","UBUNTU-CVE-2026-6841"],"upstream":["CVE-2026-41073","CVE-2026-41075","CVE-2026-41076","CVE-2026-44229","CVE-2026-44230","CVE-2026-44231","CVE-2026-6841","UBUNTU-CVE-2026-41073","UBUNTU-CVE-2026-41075","UBUNTU-CVE-2026-41076","UBUNTU-CVE-2026-44229","UBUNTU-CVE-2026-44230","UBUNTU-CVE-2026-44231","UBUNTU-CVE-2026-6841"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8506-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-6841"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-41073"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-41075"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-41076"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-44229"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-44230"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-44231"}],"affected":[{"package":{"name":"request-tracker5","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/request-tracker5?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.1+dfsg-1ubuntu1+esm2"}]}],"versions":["5.0.1+dfsg-1ubuntu1","5.0.1+dfsg-1ubuntu1+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.0.1+dfsg-1ubuntu1+esm2","binary_name":"request-tracker5"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm2","binary_name":"rt5-apache2"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm2","binary_name":"rt5-clients"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm2","binary_name":"rt5-db-mysql"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm2","binary_name":"rt5-db-postgresql"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm2","binary_name":"rt5-db-sqlite"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm2","binary_name":"rt5-doc-html"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm2","binary_name":"rt5-fcgi"},{"binary_version":"5.0.1+dfsg-1ubuntu1+esm2","binary_name":"rt5-standalone"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6841"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41073"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41075"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41076"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-44229"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-44230"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-44231"}],"ecosystem":"Ubuntu:Pro:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8506-1.json"}},{"package":{"name":"request-tracker5","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/request-tracker5?arch=source&distro=esm-apps%2Fnoble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.5+dfsg-2ubuntu0.1~esm2"}]}],"versions":["5.0.1+dfsg-1ubuntu1","5.0.5+dfsg-2","5.0.5+dfsg-2ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm2","binary_name":"request-tracker5"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm2","binary_name":"rt5-apache2"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm2","binary_name":"rt5-clients"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm2","binary_name":"rt5-db-mysql"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm2","binary_name":"rt5-db-postgresql"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm2","binary_name":"rt5-db-sqlite"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm2","binary_name":"rt5-doc-html"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm2","binary_name":"rt5-fcgi"},{"binary_version":"5.0.5+dfsg-2ubuntu0.1~esm2","binary_name":"rt5-standalone"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6841"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41073"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41075"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41076"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-44229"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-44230"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-44231"}],"ecosystem":"Ubuntu:Pro:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8506-1.json"}},{"package":{"name":"request-tracker5","ecosystem":"Ubuntu:Pro:26.04:LTS","purl":"pkg:deb/ubuntu/request-tracker5?arch=source&distro=esm-apps%2Fresolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.7+dfsg-6ubuntu0.1~esm1"}]}],"versions":["5.0.7+dfsg-4","5.0.7+dfsg-6"],"ecosystem_specific":{"binaries":[{"binary_version":"5.0.7+dfsg-6ubuntu0.1~esm1","binary_name":"request-tracker5"},{"binary_version":"5.0.7+dfsg-6ubuntu0.1~esm1","binary_name":"rt5-apache2"},{"binary_version":"5.0.7+dfsg-6ubuntu0.1~esm1","binary_name":"rt5-clients"},{"binary_version":"5.0.7+dfsg-6ubuntu0.1~esm1","binary_name":"rt5-db-mysql"},{"binary_version":"5.0.7+dfsg-6ubuntu0.1~esm1","binary_name":"rt5-db-postgresql"},{"binary_version":"5.0.7+dfsg-6ubuntu0.1~esm1","binary_name":"rt5-db-sqlite"},{"binary_version":"5.0.7+dfsg-6ubuntu0.1~esm1","binary_name":"rt5-doc-html"},{"binary_version":"5.0.7+dfsg-6ubuntu0.1~esm1","binary_name":"rt5-fcgi"},{"binary_version":"5.0.7+dfsg-6ubuntu0.1~esm1","binary_name":"rt5-standalone"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:26.04:LTS","cves":[{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6841"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41073"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41075"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-41076"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-44229"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-44230"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-44231"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8506-1.json"}}],"schema_version":"1.7.5"}