CVE-2026-41075
Publication date 22 May 2026
Last updated 6 July 2026
Ubuntu priority
Cvss 3 Severity Score
Description
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the RT database. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by restricting RT account access to trusted users.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| request-tracker5 | 26.04 LTS resolute |
Fixed 5.0.7+dfsg-6ubuntu0.1~esm1
|
| 25.10 questing |
Vulnerable
|
|
| 24.04 LTS noble |
Fixed 5.0.5+dfsg-2ubuntu0.1~esm2
|
|
| 22.04 LTS jammy |
Fixed 5.0.1+dfsg-1ubuntu1+esm2
|
|
| request-tracker4 | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialSeverity score breakdown
CVSS version: CVSS v3.0
Base score
8.8 · High
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Related Ubuntu Security Notices (USN)
- USN-8506-1
- Request Tracker vulnerabilities
- 6 July 2026