{"id":78649,"date":"2026-05-20T03:46:34","date_gmt":"2026-05-20T00:16:34","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-34754-mantisbt-allows-unauthorized-users-to-upload-attachments-to-restricted-issues-via-rest-api\/"},"modified":"2026-05-20T03:46:34","modified_gmt":"2026-05-20T00:16:34","slug":"cve-2026-34754-mantisbt-allows-unauthorized-users-to-upload-attachments-to-restricted-issues-via-rest-api","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-34754-mantisbt-allows-unauthorized-users-to-upload-attachments-to-restricted-issues-via-rest-api\/","title":{"rendered":"CVE-2026-34754 &#8211; MantisBT allows unauthorized users to upload attachments to restricted issues via REST API"},"content":{"rendered":"<p>CVE ID: CVE-2026-34754<\/p>\n<p>  Published: May 20, 2026, 12:16 a.m. | 43\u00a0minutes ago<\/p>\n<p>  Description: Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.<\/p>\n<p>  Severity: 4.3 | MEDIUM<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID: CVE-2026-34754 Published: May 20, 2026, 12:16 a.m. | 43\u00a0minutes ago Description: Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2. 
Severity: 4.3 | &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-78649","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78649","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=78649"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78649\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=78649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=78649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=78649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}