CVE-2026-34754 – MantisBT allows unauthorized users to upload attachments to restricted issues via REST API

CVE ID :CVE-2026-34754

Published : May 20, 2026, 12:16 a.m. | 43 minutes ago

Description :Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-45585 – Windows BitLocker Security Feature Bypass Vulnerability

CVE-2026-39309 – Trilium Notes: macOS TCC Bypass via Prompt Spoofing

CVE-2026-35593 – Trilium Notes has Local File Inclusion via upload modified file API endpoint

CVE-2026-34970 – MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked