UBUNTU-CVE-2026-41075
- Source
- https://ubuntu.com/security/CVE-2026-41075
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41075.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-41075
- Upstream
- Published
- 2026-05-22T22:16:00Z
- Modified
- 2026-05-27T19:15:17.830637124Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the RT database. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by restricting RT account access to trusted users.
- References
Affected packages
Ubuntu:16.04:LTS
request-tracker4
Package
- Name
- request-tracker4
- Purl
- pkg:deb/ubuntu/request-tracker4?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.2.12-5"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.2.12-5"
}
]
}Ubuntu:20.04:LTS
request-tracker4
Package
- Name
- request-tracker4
- Purl
- pkg:deb/ubuntu/request-tracker4?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.3-2+deb10u3build0.20.04.1"
}
]
}Ubuntu:22.04:LTS
request-tracker4
Package
- Name
- request-tracker4
- Purl
- pkg:deb/ubuntu/request-tracker4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.4+dfsg-2ubuntu1.22.04.1"
}
]
}Ubuntu:24.04:LTS
request-tracker4
Package
- Name
- request-tracker4
- Purl
- pkg:deb/ubuntu/request-tracker4?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-1"
}
]
}Ubuntu:25.10
request-tracker4
Package
- Name
- request-tracker4
- Purl
- pkg:deb/ubuntu/request-tracker4?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
}request-tracker5
Package
- Name
- request-tracker5
- Purl
- pkg:deb/ubuntu/request-tracker5?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker5",
"binary_version": "5.0.7+dfsg-4"
},
{
"binary_name": "rt5-apache2",
"binary_version": "5.0.7+dfsg-4"
},
{
"binary_name": "rt5-clients",
"binary_version": "5.0.7+dfsg-4"
},
{
"binary_name": "rt5-db-mysql",
"binary_version": "5.0.7+dfsg-4"
},
{
"binary_name": "rt5-db-postgresql",
"binary_version": "5.0.7+dfsg-4"
},
{
"binary_name": "rt5-db-sqlite",
"binary_version": "5.0.7+dfsg-4"
},
{
"binary_name": "rt5-doc-html",
"binary_version": "5.0.7+dfsg-4"
},
{
"binary_name": "rt5-fcgi",
"binary_version": "5.0.7+dfsg-4"
},
{
"binary_name": "rt5-standalone",
"binary_version": "5.0.7+dfsg-4"
}
]
}Ubuntu:26.04:LTS
request-tracker4
Package
- Name
- request-tracker4
- Purl
- pkg:deb/ubuntu/request-tracker4?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.7+dfsg-4syncable1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.7+dfsg-4syncable1"
}
]
}request-tracker5
Package
- Name
- request-tracker5
- Purl
- pkg:deb/ubuntu/request-tracker5?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker5",
"binary_version": "5.0.7+dfsg-6"
},
{
"binary_name": "rt5-apache2",
"binary_version": "5.0.7+dfsg-6"
},
{
"binary_name": "rt5-clients",
"binary_version": "5.0.7+dfsg-6"
},
{
"binary_name": "rt5-db-mysql",
"binary_version": "5.0.7+dfsg-6"
},
{
"binary_name": "rt5-db-postgresql",
"binary_version": "5.0.7+dfsg-6"
},
{
"binary_name": "rt5-db-sqlite",
"binary_version": "5.0.7+dfsg-6"
},
{
"binary_name": "rt5-doc-html",
"binary_version": "5.0.7+dfsg-6"
},
{
"binary_name": "rt5-fcgi",
"binary_version": "5.0.7+dfsg-6"
},
{
"binary_name": "rt5-standalone",
"binary_version": "5.0.7+dfsg-6"
}
]
}Ubuntu:Pro:18.04:LTS
request-tracker4
Package
- Name
- request-tracker4
- Purl
- pkg:deb/ubuntu/request-tracker4?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker4",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-apache2",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-clients",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-mysql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-postgresql",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-db-sqlite",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-doc-html",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-fcgi",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
},
{
"binary_name": "rt4-standalone",
"binary_version": "4.4.2-2ubuntu0.1~esm1"
}
]
}Ubuntu:Pro:22.04:LTS
request-tracker5
Package
- Name
- request-tracker5
- Purl
- pkg:deb/ubuntu/request-tracker5?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker5",
"binary_version": "5.0.1+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "rt5-apache2",
"binary_version": "5.0.1+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "rt5-clients",
"binary_version": "5.0.1+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "rt5-db-mysql",
"binary_version": "5.0.1+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "rt5-db-postgresql",
"binary_version": "5.0.1+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "rt5-db-sqlite",
"binary_version": "5.0.1+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "rt5-doc-html",
"binary_version": "5.0.1+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "rt5-fcgi",
"binary_version": "5.0.1+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "rt5-standalone",
"binary_version": "5.0.1+dfsg-1ubuntu1+esm1"
}
]
}Ubuntu:Pro:24.04:LTS
request-tracker5
Package
- Name
- request-tracker5
- Purl
- pkg:deb/ubuntu/request-tracker5?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "request-tracker5",
"binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "rt5-apache2",
"binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "rt5-clients",
"binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "rt5-db-mysql",
"binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "rt5-db-postgresql",
"binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "rt5-db-sqlite",
"binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "rt5-doc-html",
"binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "rt5-fcgi",
"binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1"
},
{
"binary_name": "rt5-standalone",
"binary_version": "5.0.5+dfsg-2ubuntu0.1~esm1"
}
]
}