Home / mailingsPDF  

[USN-8506-1] Request Tracker vulnerabilities

Posted on 06 July 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8506-1
July 06, 2026

request-tracker5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Request Tracker.

Software Description:
- request-tracker5: extensible trouble-ticket tracking system

Details:

Aleksander Iwicki discovered that Request Tracker did not properly sanitize
the search "Page" URL parameter. A remote attacker could possibly use this
issue to conduct a reflected cross-site scripting attack. (CVE-2026-6841)

It was discovered that Request Tracker did not properly sanitize user-
controlled data written to spreadsheet exports of search results. A remote
attacker could possibly use this issue to conduct a spreadsheet
(CSV/formula) injection attack, causing spreadsheet applications to
interpret crafted values as formulas or macros when the file is opened.
(CVE-2026-41073)

It was discovered that Request Tracker did not properly validate input
incorporated into database queries via the entry_aggregator parameter in
JSON search. An authenticated user could possibly use this issue to perform
SQL injection attacks and read or modify data in the RT database.
(CVE-2026-41075)

It was discovered that Request Tracker contained an authentication bypass
when configured to authenticate users against an LDAP or Active Directory
server. Under certain LDAP server configurations, a remote attacker could
possibly use this issue to authenticate as any LDAP-backed RT user without
supplying valid credentials. (CVE-2026-41076)

It was discovered that Request Tracker served certain uploaded content
inline rather than as an attachment. A remote attacker could possibly use
this issue to conduct a cross-site scripting attack. (CVE-2026-44229)

It was discovered that Request Tracker did not properly sanitize input on
search-results chart pages. A remote attacker could possibly use this issue
to conduct a reflected cross-site scripting attack. (CVE-2026-44230)

Jeroen Gui discovered that Request Tracker did not properly restrict access
to the REST 2.0 user collection endpoint. A privileged user could possibly
use this issue to obtain authentication credentials belonging to other
users, including administrators, resulting in privilege escalation and
information disclosure. (CVE-2026-44231)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
request-tracker5 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-apache2 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-clients 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-db-mysql 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-db-postgresql 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-db-sqlite 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-fcgi 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-standalone 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
request-tracker5 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-apache2 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-clients 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-db-mysql 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-db-postgresql 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-db-sqlite 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-fcgi 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-standalone 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 22.04 LTS
request-tracker5 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-apache2 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-clients 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-db-mysql 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-db-postgresql 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-db-sqlite 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-fcgi 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-standalone 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro

After a standard system update you need to restart request-tracker5 to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8506-1
CVE-2026-41073, CVE-2026-41075, CVE-2026-41076, CVE-2026-44229,
CVE-2026-44230, CVE-2026-44231, CVE-2026-6841

--===============0110676747775076311==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP