CVE-2026-27694 in Traccar정보

요약

\~에 의해 MITRE • 2026. 05. 05.

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store crafted HTML in these fields, which is then rendered in notification emails sent to other users with access to the affected devices. This can lead to phishing or spoofed email content. This issue is fixed in version 6.13.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

GitHub M

예약하다

2026. 02. 23.

공개

2026. 05. 05.

모더레이션

수락

항목

VDB-361179

CPE

준비됨

CWE

CWE-79 (확인됨)

CVSS

5.4 (CNA)

EPSS

0.00035

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-27694
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-27694
CVE Details	https://www.cvedetails.com/cve/CVE-2026-27694/

◂ 이전 개요 다음 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!