CVE-2026-34970

UNKNOWN 0.0

MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2.

CWE	CWE-200
Vendor	mantisbt
Product	mantisbt
Published	May 19, 2026
Last Updated	May 20, 2026

Stay Ahead of the Next One

Get instant alerts for mantisbt mantisbt

Be the first to know when new unknown vulnerabilities affecting mantisbt mantisbt are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

mantisbt / mantisbt

< 2.28.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/mantisbt/mantisbt/security/advisories/GHSA-crmx-4p49-46m2 github.com: https://github.com/mantisbt/mantisbt/commit/71df1f67e05b2050cd4bd87839e6cc13747cf03f mantisbt.org: https://mantisbt.org/bugs/view.php?id=36978