Critical Vulnerabilities in Request Tracker Expose Users to XSS and SQL Injection Attacks

Critical Vulnerabilities in Request Tracker Expose Users to XSS and SQL Injection Attacks

First seen 6 Jul 2026, 23:49 UTC UbuntuLinuxsecurity 92% similarity 70.5

Article Content

Browse articles
ThreatCluster

Multiple vulnerabilities have been discovered in Request Tracker, including reflected cross-site scripting (CVE-2026-6841) and SQL injection risks (CVE-2026-41075). These flaws allow remote attackers to exploit improperly sanitized input, potentially leading to unauthorized access and data manipulation. Specifically, an attacker could exploit the 'Page' URL parameter for XSS attacks and manipulate spreadsheet exports for CSV/formula injection (CVE-2026-41073). Additionally, an authentication bypass vulnerability (CVE-2026-41076) could allow unauthorized access under certain LDAP configurations. The vulnerabilities affect various versions of Request Tracker across Ubuntu LTS releases. Users are advised to update their systems to mitigate these risks.

Key Points: • Request Tracker has critical vulnerabilities including XSS and SQL injection risks. • CVE-2026-6841 allows reflected cross-site scripting via the 'Page' URL parameter. • Users should update to the latest package versions to protect against these vulnerabilities.

ThreatCluster AI

Timeline

2026-05-21
CVE-2026-6841 published
Reflected cross-site scripting vulnerability discovered in Request Tracker affecting user input sanitization.
Ubuntu
2026-05-22
CVE-2026-41073 published
Spreadsheet injection vulnerability identified in Request Tracker, allowing crafted values to execute as formulas.
Ubuntu
2026-05-22
CVE-2026-41075 published
SQL injection vulnerability found in Request Tracker, enabling authenticated users to manipulate database queries.
Ubuntu
2026-05-22
CVE-2026-41076 published
Authentication bypass vulnerability discovered in Request Tracker under specific LDAP configurations.
Ubuntu
2026-07-06
Advisory published for Request Tracker vulnerabilities
Ubuntu and LinuxSecurity published advisories detailing critical vulnerabilities in Request Tracker and recommended updates.
Linuxsecurity

Community

Browse all →