VYPR
Medium severity5.4NVD Advisory· Published May 5, 2026· Updated May 8, 2026

CVE-2026-27693

CVE-2026-27693

Description

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML content into exported files. If another user exports and opens the affected KML or GPX file, this can corrupt the file structure and spoof exported location data. This issue is fixed in version 6.13.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Traccar/Traccarreferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:traccar:traccar:*:*:*:*:*:*:*:*range: >=6.11.1,<6.13.0
    • (no CPE)range: >=6.11.1 <6.13.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.