Auth bypass in MantisBT

CVE-2026-34579

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature. Using a crafted POST request to bug_monitor_add.php, a user with…

Vulnerability class: Information Disclosure

EPSS: 0.000 (2.5th percentile)

Affected products

Weakness classification (CWE)

References