Information disclosure in Mantisbt

CVE-2026-34970

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28…

Vulnerability class: Information Disclosure

EPSS: 0.000 (3.1th percentile) — read the EPSS interpretation.

Affected products

Mantisbt — versions < 2.28.2

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)