MEDIUM
Best Practical
CVE published 2026-05-21
CVE-2026-6841
CVE-2026-6841 is a reflected cross-site scripting (XSS) flaw in Request Tracker. A crafted GET request using the Page parameter can cause attacker-controlled JavaScript to run in a victim's browser when they open the link. The issue is reported for RT 5.0.4 through 5.0.9 and 6.0.0 through 6.0.2; the source references point to fixed releases 5.0.10 and 6.0.3.