CVE-2026-27693 in Traccarinformação

Sumário

de MITRE • 05/05/2026

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML content into exported files. If another user exports and opens the affected KML or GPX file, this can corrupt the file structure and spoof exported location data. This issue is fixed in version 6.13.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

23/02/2026

Divulgação

05/05/2026

Moderação

aceite

Entrada

VDB-361178

CPE

pronto

CWE

CWE-91 (confirmado)

CVSS

5.4 (CNA)

EPSS

0.00043

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-27693
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-27693
CVE Details	https://www.cvedetails.com/cve/CVE-2026-27693/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!