traccar — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting traccar. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Traccar is an open-source GPS tracking platform designed for vehicle and asset monitoring. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These flaws often stem from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the 14 CVEs on record indicate consistent security challenges. The platform's exposure to internet-facing deployments increases its risk profile, particularly when running outdated versions without proper hardening. Security researchers have identified authentication bypasses and information disclosure weaknesses in its web interface and API endpoints, emphasizing the need for regular updates and secure deployment practices.

Top products by traccar: Traccar Server

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27694 | traccar allows stored HTML injection in notification emails | traccar | CWE-79 | 5.4 | Medium | 2026-05-05 |
| CVE-2026-27693 | traccar allows XML injection in KML and GPX exports | traccar | CWE-91 | 5.4 | Medium | 2026-05-05 |
| CVE-2026-27644 | traccar allows CSV formula injection via exported position data | traccar | CWE-1236 | 6.5 | Medium | 2026-05-05 |
| CVE-2026-25649 | Traccar Vulnerable to Authorization Code Theft via Open Redirect in OIDC Provider Endpoints | traccar | CWE-352 | 7.3 | High | 2026-02-23 |
| CVE-2026-25648 | Traccar Vulnerable to Stored Cross-Site Scripting (XSS) via Malicious SVG File Upload | traccar | CWE-79 | 8.7 | High | 2026-02-23 |
| CVE-2026-23521 | Traccar vulnerable to Path Traversal and External Control of File Name or Path | traccar | CWE-22 | 6.5 | Medium | 2026-02-23 |
| CVE-2025-68930 | Traccar Missing Origin Validation in WebSockets | traccar | CWE-1385 | 7.1 | High | 2026-02-23 |
| CVE-2025-61666 | Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File | traccar | CWE-22 | 9.1 (AI) | Critical (AI) | 2025-10-02 |
| CVE-2024-7746 | Use of default credentials at Traccar fleet management solution | Server | CWE-1392 | 9.8 (AI) | Critical (AI) | 2024-08-13 |
| CVE-2024-31214 | Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code execution | traccar | CWE-434 | 9.7 | Critical | 2024-04-10 |
| CVE-2024-24809 | Traccar vulnerable to Path Traversal: 'dir/../../filename' and Unrestricted Upload of File with Dangerous Type | traccar | CWE-27 | 8.5 | High | 2024-04-10 |
| CVE-2023-50729 | An unrestricted file upload vulnerability in traccar leads to RCE | traccar | CWE-434 | 8.5 | High | 2024-01-15 |
| CVE-2021-21292 | Unquoted Windows binary path in Traccar | traccar | CWE-428 | 5.5 | Medium | 2021-02-02 |
| CVE-2020-5246 | LDAP injection vulnerability in Traccar GPS Tracking System | Traccar | CWE-90 | 7.7 | High | 2020-07-14 |

This page lists every published CVE security advisory associated with traccar. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.