CVE-2026-34754

medium

Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.

References

https://mantisbt.org/bugs/view.php?id=36976

https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h4x5-gvx6-3rwc

https://github.com/mantisbt/mantisbt/commit/b262b4d2835b81394d75356dead66e52a6275206

Details

Source: Mitre, NVD

Published: 2026-05-20

Updated: 2026-05-20

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N