Packages
- request-tracker5 - extensible trouble-ticket tracking system
Details
Aleksander Iwicki discovered that Request Tracker did not properly sanitize
the search "Page" URL parameter. A remote attacker could possibly use this
issue to conduct a reflected cross-site scripting attack. (CVE-2026-6841)
It was discovered that Request Tracker did not properly sanitize user-
controlled data written to spreadsheet exports of search results. A remote
attacker could possibly use this issue to conduct a spreadsheet
(CSV/formula) injection attack, causing spreadsheet applications to
interpret crafted values as formulas or macros when the file is opened.
(CVE-2026-41073)
It was discovered that Request Tracker did not properly validate input
incorporated into database queries via the entry_aggregator parameter in
JSON search. An authenticated user could possibly use this issue to perform
SQL injection attacks and read or modify data in...
Aleksander Iwicki discovered that Request Tracker did not properly sanitize
the search "Page" URL parameter. A remote attacker could possibly use this
issue to conduct a reflected cross-site scripting attack. (CVE-2026-6841)
It was discovered that Request Tracker did not properly sanitize user-
controlled data written to spreadsheet exports of search results. A remote
attacker could possibly use this issue to conduct a spreadsheet
(CSV/formula) injection attack, causing spreadsheet applications to
interpret crafted values as formulas or macros when the file is opened.
(CVE-2026-41073)
It was discovered that Request Tracker did not properly validate input
incorporated into database queries via the entry_aggregator parameter in
JSON search. An authenticated user could possibly use this issue to perform
SQL injection attacks and read or modify data in the RT database.
(CVE-2026-41075)
It was discovered that Request Tracker contained an authentication bypass
when configured to authenticate users against an LDAP or Active Directory
server. Under certain LDAP server configurations, a remote attacker could
possibly use this issue to authenticate as any LDAP-backed RT user without
supplying valid credentials. (CVE-2026-41076)
It was discovered that Request Tracker served certain uploaded content
inline rather than as an attachment. A remote attacker could possibly use
this issue to conduct a cross-site scripting attack. (CVE-2026-44229)
It was discovered that Request Tracker did not properly sanitize input on
search-results chart pages. A remote attacker could possibly use this issue
to conduct a reflected cross-site scripting attack. (CVE-2026-44230)
Jeroen Gui discovered that Request Tracker did not properly restrict access
to the REST 2.0 user collection endpoint. A privileged user could possibly
use this issue to obtain authentication credentials belonging to other
users, including administrators, resulting in privilege escalation and
information disclosure. (CVE-2026-44231)
Update instructions
After a standard system update you need to restart request-tracker5 to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 26.04 LTS resolute | request-tracker5 – 5.0.7+dfsg-6ubuntu0.1~esm1 | ||
| rt5-apache2 – 5.0.7+dfsg-6ubuntu0.1~esm1 | |||
| rt5-clients – 5.0.7+dfsg-6ubuntu0.1~esm1 | |||
| rt5-db-mysql – 5.0.7+dfsg-6ubuntu0.1~esm1 | |||
| rt5-db-postgresql – 5.0.7+dfsg-6ubuntu0.1~esm1 | |||
| rt5-db-sqlite – 5.0.7+dfsg-6ubuntu0.1~esm1 | |||
| rt5-fcgi – 5.0.7+dfsg-6ubuntu0.1~esm1 | |||
| rt5-standalone – 5.0.7+dfsg-6ubuntu0.1~esm1 | |||
| 24.04 LTS noble | request-tracker5 – 5.0.5+dfsg-2ubuntu0.1~esm2 | ||
| rt5-apache2 – 5.0.5+dfsg-2ubuntu0.1~esm2 | |||
| rt5-clients – 5.0.5+dfsg-2ubuntu0.1~esm2 | |||
| rt5-db-mysql – 5.0.5+dfsg-2ubuntu0.1~esm2 | |||
| rt5-db-postgresql – 5.0.5+dfsg-2ubuntu0.1~esm2 | |||
| rt5-db-sqlite – 5.0.5+dfsg-2ubuntu0.1~esm2 | |||
| rt5-fcgi – 5.0.5+dfsg-2ubuntu0.1~esm2 | |||
| rt5-standalone – 5.0.5+dfsg-2ubuntu0.1~esm2 | |||
| 22.04 LTS jammy | request-tracker5 – 5.0.1+dfsg-1ubuntu1+esm2 | ||
| rt5-apache2 – 5.0.1+dfsg-1ubuntu1+esm2 | |||
| rt5-clients – 5.0.1+dfsg-1ubuntu1+esm2 | |||
| rt5-db-mysql – 5.0.1+dfsg-1ubuntu1+esm2 | |||
| rt5-db-postgresql – 5.0.1+dfsg-1ubuntu1+esm2 | |||
| rt5-db-sqlite – 5.0.1+dfsg-1ubuntu1+esm2 | |||
| rt5-fcgi – 5.0.1+dfsg-1ubuntu1+esm2 | |||
| rt5-standalone – 5.0.1+dfsg-1ubuntu1+esm2 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.