PT-2026-42835 · Rt · Rt
CVSS v3.1
4.6
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
RT versions prior to 5.0.10
RT versions 6.0.0 through 6.0.2
Description
User-controlled data in spreadsheet exports is not sanitized before being written to the output file. This allows spreadsheet applications to interpret crafted values as formulas or macros when the file is opened, leading to a spreadsheet (CSV/formula) injection.
Recommendations
Update versions prior to 5.0.10 to version 5.0.10.
Update versions 6.0.0 through 6.0.2 to version 6.0.3.
As a temporary workaround, avoid opening exported spreadsheet files directly in spreadsheet applications when the data may contain untrusted user input.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rt