CVE-2026-34970 – MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

CVE ID :CVE-2026-34970

Published : May 20, 2026, 12:16 a.m. | 43 minutes ago

Description :Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note’s Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-45585 – Windows BitLocker Security Feature Bypass Vulnerability

CVE-2026-39309 – Trilium Notes: macOS TCC Bypass via Prompt Spoofing

CVE-2026-35593 – Trilium Notes has Local File Inclusion via upload modified file API endpoint

CVE-2026-34754 – MantisBT allows unauthorized users to upload attachments to restricted issues via REST API