PT-2026-42835 · Rt · Rt

·

CVE-2026-41073

·

Published

2026-05-22

·

Updated

2026-07-06

CVSS v3.1

4.6

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions RT versions prior to 5.0.10 RT versions 6.0.0 through 6.0.2
Description User-controlled data in spreadsheet exports is not sanitized before being written to the output file. This allows spreadsheet applications to interpret crafted values as formulas or macros when the file is opened, leading to a spreadsheet (CSV/formula) injection.
Recommendations Update versions prior to 5.0.10 to version 5.0.10. Update versions 6.0.0 through 6.0.2 to version 6.0.3. As a temporary workaround, avoid opening exported spreadsheet files directly in spreadsheet applications when the data may contain untrusted user input.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-41073
GHSA-6X92-7V65-7M3R
USN-8506-1

Affected Products

Rt