CVE Catalog

CVE-2026-41074

High
Published: Translated: NVD NIST

Summary

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to trigger arbitrary state-changing actions in RT on behalf of a logged-in user.

Risk Assessment

An attacker can exploit this vulnerability to perform unauthorized actions within the system, potentially leading to data loss or integrity breaches.

Recommendation

It is recommended to upgrade to version 6.0.3, where this vulnerability has been fixed.

Original NVD description (English source)

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that user's behalf. This issue has been fixed in version 6.0.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS