Linuxsecurity
Critical Vulnerabilities in Request Tracker Expose Users to XSS and SQL Injection Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Multiple vulnerabilities have been discovered in Request Tracker, including reflected cross-site scripting (CVE-2026-6841) and SQL injection risks (CVE-2026-41075). These flaws allow remote attackers to exploit improperly sanitized input, potentially leading to unauthorized access and data manipulation. Specifically, an attacker could exploit the 'Page' URL parameter for XSS attacks and manipulate spreadsheet exports for CSV/formula injection (CVE-2026-41073). Additionally, an authentication bypass vulnerability (CVE-2026-41076) could allow unauthorized access under certain LDAP configurations. The vulnerabilities affect various versions of Request Tracker across Ubuntu LTS releases. Users are advised to update their systems to mitigate these risks.
Key Points: • Request Tracker has critical vulnerabilities including XSS and SQL injection risks. • CVE-2026-6841 allows reflected cross-site scripting via the 'Page' URL parameter. • Users should update to the latest package versions to protect against these vulnerabilities.