Auth bypass in MantisBT

CVE-2026-42070

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default settings) to edit, change view state, and mod…

Vulnerability class: Broken Access Control

EPSS: 0.000 (13.6th percentile)
