CVE-2026-34754

EUVD-2026-31003
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GitHub_MCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mantisbtmantisbt
𝑥
< 2.28.2
CNA
Common Weakness Enumeration
References
https://github.com/mantisbt/mantisbt/commit/b262b4d2835b81394d75356dead66e52a6275206
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h4x5-gvx6-3rwc
https://mantisbt.org/bugs/view.php?id=36976