RT 6.0.3 Security Vulnerabilities Summary: RCE/LPE/SQLi/XSS and CSRF Advisory

RT 6.0.3 Security Vulnerability Summary Vulnerability Overview RT version 6.0.3 contains multiple critical security vulnerabilities, including privilege escalation, SQL injection, LDAP bypass, cross-site scripting (XSS), and spreadsheet injection. Impact Scope Privilege Escalation (CVE-2026-44231): Attackers can obtain authentication credentials of other users (including administrators) via the REST 2.0 user collection endpoint and use these credentials to read RSS and iCal feed data. SQL Injection (CVE-2026-41075): Attackers can inject malicious code through the parameter in JSON searches, allowing them to read or modify database data. LDAP Bypass (CVE-2026-41076): Under specific LDAP server configurations, attackers can bypass authentication and log in as any LDAP user. CSRF (CVE-2026-41074): Attackers can trick logged-in users into visiting a malicious webpage, thereby executing arbitrary state-changing operations on behalf of that user. Stored XSS (CVE-2026-44228): Unescaped user input exists in templates. Reflected XSS (CVE-2026-6841, CVE-2026-44227, CVE-2026-44230): Attackers can trigger malicious scripts via search page URL parameters, search result chart pages, or uploaded content. Spreadsheet Injection (CVE-2026-41073): Exported CSV/formula files contain unfiltered user input, potentially leading applications like Excel to execute malicious formulas or macros. Remediation Immediate Upgrade: All users are advised to upgrade to RT version 6.0.3 as soon as possible. Apply Patches: For users who have already deployed RT 6.0.3, apply the patch for TSV export header injection (mitigation for CVE-2026-41073). Patch Link: Secure Configuration: Review and harden LDAP server configurations to prevent bypass attacks. Input Validation: Implement strict validation and escaping for all user input, especially for database queries, template rendering, and file exports. CSRF Protection**: Ensure all state-changing operations include valid CSRF token verification.

Goal Reached Thanks to every supporter — we hit 100%!

RT 6.0.3 Security Vulnerabilities Summary: RCE/LPE/SQLi/XSS and CSRF Advisory

More from this source