QwikSec

Security Database

CVE

CWE

Training

CVE-2026-34744

Published: May 19, 2026

Modified: May 20, 2026

PUBLISHED

Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this vulnerability is minimal, considering that only attachments previously uploaded by the user themselves remain accessible. This issue has been fixed in version 2.82.2.

Vendor	Product	Versions
mantisbt	mantisbt	affected `< 2.28.2`

Weaknesses (CWE)

References

https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf

x_refsource_CONFIRM

https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d

x_refsource_MISC

https://mantisbt.org/bugs/view.php?id=36977

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.