CVEFinder.io

CVE-2026-34754

🔶 medium
🔍 Scan for this CVE
Summary

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.

CVSS Score
4.3
Medium
EPSS Score
-
Published Date
2026-05-20
First Seen: 2026-05-20
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 5.4% of all 321,566 vulnerabilities in our database.

#304,103
Below average severity
Severity Percentile
Last Modified 2026-05-20
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE IDs (Weakness Types)
CWE-284

📦 Affected Products 0

No affected products information available

🔗 References 3

https://github.com/mantisbt/mantisbt/commit/b262b4d2...
https://github.com/mantisbt/mantisbt/security/adviso...
https://mantisbt.org/bugs/view.php?id=36976