Vulnerability in Mantisbt

CVE-2026-34390

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (manage_proj_user_add.php) allow users ha…

EPSS: 0.000 (3.3th percentile) — read the EPSS interpretation.

Affected products

Mantisbt — versions < 2.28.2

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)