CVE-2026-41073— Request Tracker 安全漏洞

RT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and similar apps

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can cause spreadsheet applications to interpret crafted values as formulas or macros when the file is opened. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by avoiding opening exported RT spreadsheet files directly in spreadsheet applications when the data may contain untrusted user input.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-1236

Request Tracker 安全漏洞

Request Tracker是Request Tracker公司的一个问题和工单跟踪系统。 Request Tracker 5.0.10之前版本和6.0.0版本至6.0.2版本存在安全漏洞，该漏洞源于电子表格导出中用户控制的数据在写入输出文件前未进行清理，可能导致电子表格注入。

N/A

N/A