What is CVE-2026-34754?

CVE-2026-34754 is a medium-severity vulnerability in Mantisbt, classified under Improper Access Control. CVSS score: 4.3/10. Published 2026-05-20.

How severe is CVE-2026-34754?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Mantisbt

CVE-2026-34754

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.

EPSS: 0.000 (8.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Mantisbt — versions < 2.28.2

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-34754?: CVE-2026-34754 is a medium-severity vulnerability in Mantisbt, classified under Improper Access Control. CVSS score: 4.3/10. Published 2026-05-20.
How severe is CVE-2026-34754?: Medium severity. CVSS v3 base score is 4.3 out of 10.