Several security issues were fixed in Request Tracker.
Software Description:
- request-tracker5: extensible trouble-ticket tracking system
Details:
Aleksander Iwicki discovered that Request Tracker did not properly sanitize
the search "Page" URL parameter. A remote attacker could possibly use this
issue to conduct a reflected cross-site scripting attack. (CVE-2026-6841)
It was discovered that Request Tracker did not properly sanitize user-
controlled data written to spreadsheet exports of search results. A remote
attacker could possibly use this issue to conduct a spreadsheet
(CSV/formula) injection attack, causing spreadsheet applications to
interpret crafted values as formulas or macros when the file is opened.
(CVE-2026-41073)
It was discovered that Request Tracker did not properly validate input
incorporated into database queries via the entry_aggregator parameter in
JSON search. An authenticated user could possibly use this issue to perform
SQL injection attacks and read ...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
request-tracker5 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-apache2 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-clients 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-db-mysql 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-db-postgresql 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-db-sqlite 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-fcgi 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-standalone 5.0.7+dfsg-6ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 24.04 LTS
request-tracker5 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-apache2 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-clients 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-db-mysql 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-db-postgresql 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-db-sqlite 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-fcgi 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
rt5-standalone 5.0.5+dfsg-2ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
request-tracker5 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-apache2 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-clients 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-db-mysql 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-db-postgresql 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-db-sqlite 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-fcgi 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
rt5-standalone 5.0.1+dfsg-1ubuntu1+esm2
Available with Ubuntu Pro
After a standard system update you need to restart request-tracker5 to make
all the necessary changes.https://ubuntu.com/security/notices/USN-8506-1
CVE-2026-41073, CVE-2026-41075, CVE-2026-41076, CVE-2026-44229,
CVE-2026-44230, CVE-2026-44231, CVE-2026-6841
Get the latest Linux and open source security news straight to your inbox.