
Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.

PUBLISHED Reserved 2026-03-30 | Published 2026-05-19 | Updated 2026-05-19 | Assigner GitHub_M




MEDIUM: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Problem types

CWE-284: Improper Access Control

Product status

Affected: versions < 2.28.2

References

github.com/...ntisbt/security/advisories/GHSA-h4x5-gvx6-3rwc

github.com/...ommit/b262b4d2835b81394d75356dead66e52a6275206

mantisbt.org/bugs/view.php?id=36976

cve.org (CVE-2026-34754)

nvd.nist.gov (CVE-2026-34754)
