Information disclosure in Mantisbt

CVE-2026-34744

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access re…

Vulnerability class: Information Disclosure

EPSS: 0.000 (2.5th percentile) — read the EPSS interpretation.