2 matches found
CVE-2026-41075
RT (Request Tracker) is affected by an SQL injection in the JSON search path via the entry_aggregator parameter. Affected versions: 5.0.0–5.0.9 and 6.0.0–6.0.2. Root cause: input incorporated into queries without proper validation, enabling authenticated users to read or modify RT database data. ...
CVE-2026-41075 RT: SQL injection via entry_aggregator parameter in JSON search
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...