CVE-2026-41076
Published 2026-05-22
Priority: P357 · CVSS 3.1: 8.1 (High)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.39% (31.0th percentile)
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker may be able to authenticate as any LDAP-backed RT user without supplying valid credentials. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by reviewing their LDAP server's authentication policy to ensure it rejects unauthenticated bind attempts. Upgrading RT remains the recommended fix.
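The bypass class the advisory describes, shown as an added example that is not RT's code and not taken from the GHSA: an LDAP simple bind that carries a DN but an empty password is an "unauthenticated bind" (RFC 4513 section 5.1.2). A server configured to accept one returns success while establishing only an anonymous session, so an application that treats any successful bind as proof of identity lets the caller in without a password. The in-memory directory, the DNs and passwords, and the `FakeLdapServer` class below are all constructed for the demonstration; `vulnerable_login` is the generic pattern, not a reading of RT's implementation.

```python
"""Empty-password (unauthenticated) LDAP bind: the bypass class behind
CVE-2026-41076, modelled against an in-memory fake server.

Added example, not RT code. DIRECTORY, the DNs, the passwords and
FakeLdapServer are all constructed for illustration.
"""

from dataclasses import dataclass

BASE_DN = "ou=people,dc=example,dc=org"

# Constructed credentials for the fake directory; not real accounts.
DIRECTORY = {
    f"uid=alice,{BASE_DN}": "correct horse battery staple",
    f"uid=bob,{BASE_DN}": "hunter2",
}


@dataclass(frozen=True)
class BindResult:
    success: bool
    authz_id: str  # identity the session actually holds; "" means anonymous


class FakeLdapServer:
    """Models the three simple-bind cases of RFC 4513 section 5.1.

    allow_unauthenticated_bind=True mimics a server that accepts a
    non-empty DN with an empty password (an "unauthenticated bind") and
    grants an *anonymous* session for it; that is the server configuration
    under which the advisory's bypass works.
    """

    def __init__(self, allow_unauthenticated_bind: bool) -> None:
        self.allow_unauthenticated_bind = allow_unauthenticated_bind

    def simple_bind(self, dn: str, password: str) -> BindResult:
        if dn == "" and password == "":
            return BindResult(True, "")  # anonymous bind (section 5.1.1)
        if password == "":
            # Unauthenticated bind (section 5.1.2): DN supplied, no password.
            # Note the DN is not even looked up; the server never checks it.
            if self.allow_unauthenticated_bind:
                return BindResult(True, "")  # "success", but anonymous
            return BindResult(False, "")  # invalidCredentials
        if DIRECTORY.get(dn) == password:
            return BindResult(True, dn)  # authenticated as that DN
        return BindResult(False, "")


def user_dn(username: str) -> str:
    return f"uid={username},{BASE_DN}"


def vulnerable_login(server: FakeLdapServer, username: str, password: str) -> bool:
    """Treats any successful bind as proof of identity.

    Against a server that allows unauthenticated binds this returns True
    for an empty password: that is the bypass.
    """
    return server.simple_bind(user_dn(username), password).success


def hardened_login(server: FakeLdapServer, username: str, password: str) -> bool:
    """Two independent guards: never send an empty password, and require
    that the session is bound as the user's DN rather than anonymous."""
    if password == "":
        return False
    result = server.simple_bind(user_dn(username), password)
    return result.success and result.authz_id == user_dn(username)


def accepts_unauthenticated_bind(server: FakeLdapServer, dn: str) -> bool:
    """The check the advisory's workaround asks for: does the server accept
    a DN with an empty password? True means the bypass is live for any
    application that relies on the bind result code alone."""
    return server.simple_bind(dn, "").success


if __name__ == "__main__":
    for name, server in (("lax", FakeLdapServer(True)), ("strict", FakeLdapServer(False))):
        print(name,
              "| accepts unauthenticated bind:", accepts_unauthenticated_bind(server, user_dn("alice")),
              "| vulnerable_login('alice', ''):", vulnerable_login(server, "alice", ""),
              "| hardened_login('alice', ''):", hardened_login(server, "alice", ""))
```

Against a live directory the same probe is an `ldapsearch -x` simple bind with a real DN and an empty password, which a correctly configured server refuses; on OpenLDAP this behaviour is governed by slapd's `allow bind_anon_dn` directive, which is off by default. The `authz_id` comparison in `hardened_login` stands in for the LDAP "Who am I?" extended operation (RFC 4532), which is how a real client confirms the identity the session actually holds instead of trusting the bind's result code.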
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bestpractical | rt | < 5.0.10 | 5.0.10 |
| bestpractical | rt | 6.0.0 through 6.0.2 | 6.0.3 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| cvelistv5 | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
VulDB
vuldb · 2026-05-23 · [CRITICAL]
bestpractical rt up to 5.0.9/6.0.2 LDAP/AD improper authentication (GHSA-3w28-fmcr-mjjx)
A vulnerability was found in bestpractical rt up to 5.0.9/6.0.2. It has been declared as critical. The affected element is an unknown function of the component LDAP/AD. Such manipulation leads to improper authentication.
This vulnerability is traded as CVE-2026-41076. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
CVEList
cvelistv5 · 2026-05-22 · CVSS 8.1 · [HIGH] · CWE-287
RT: LDAP authentication bypass via empty password
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla · 2026-05-29 · CVSS 8.1 · [HIGH]
CVE-2026-41076 rt: RT: Authentication bypass allows unauthorized access via specific LDAP configurations [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
bugzilla · 2026-05-22 · CVSS 8.1 · [HIGH]
CVE-2026-41076 rt: RT: Authentication bypass allows unauthorized access via specific LDAP configurations