CVE-2026-34754 | mantisbt Mantis Bug Tracker up to 2.28.1 Attachment access control (GHSA-h4x5-gvx6-3rwc)

Inserito da Angelo Barbosa | Mag 20, 2026 | CVE

A vulnerability was found in mantisbt Mantis Bug Tracker up to 2.28.1. It has been declared as critical. This affects an unknown part of the component Attachment Handler. Executing a manipulation can lead to improper access controls.

This vulnerability is tracked as CVE-2026-34754. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-34754 | mantisbt Mantis Bug Tracker up to 2.28.1 Attachment access control (GHSA-h4x5-gvx6-3rwc)

Post correlati

CVE-2025-55126 | Revive Adserver 6.0.2 Navigation Box cross site scripting

CVE-2024-39419 | Adobe Commerce/Magento Open Source up to 2.4.4-p9/2.4.5-p8/2.4.6-p6/2.4.7-p1 improper authorization (apsb24-61)

CVE-2023-48773 | WooCommerce Login Redirect Plugin up to 2.2.4 on WordPress cross-site request forgery

CVE-2024-35359 | Diño Physics School Assistant 2.3 Master.php id sql injection