CVE-2026-34744
MEDIUMMantisBT authorization bypass allows continued access to self-uploaded attachments on private issues
Title source: cnaDescription
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this vulnerability is minimal, considering that only attachments previously uploaded by the user themselves remain accessible. This issue has been fixed in version 2.82.2.
References (3)
Core 3
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf
X_Refsource_Misc x_refsource_misc
https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d
X_Refsource_Misc x_refsource_misc
https://mantisbt.org/bugs/view.php?id=36977
Scores
CVSS v4
5.3
EPSS
0.0036
EPSS Percentile
27.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
CWE-281
Status
published
Products (2)
mantisbt/mantisbt
0 - 2.28.2Packagist
mantisbt/mantisbt
< 2.28.2
Published
May 19, 2026
Tracked Since
May 20, 2026