Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3nbq-fmpp-bfa9
Vulnerability ID VCID-3nbq-fmpp-bfa9
Aliases CVE-2026-40596
GHSA-j3v9-553h-x28j
Summary
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2026-40596
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-j3v9-553h-x28j
cvssv4 7.2 https://github.com/mantisbt/mantisbt
generic_textual HIGH https://github.com/mantisbt/mantisbt
cvssv4 7.2 https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
generic_textual HIGH https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
ssvc Track https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
cvssv4 7.2 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
generic_textual HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
cvssv3.1_qr HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
cvssv4 7.2 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
generic_textual HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
cvssv4 7.2 https://mantisbt.org/bugs/view.php?id=37011
generic_textual HIGH https://mantisbt.org/bugs/view.php?id=37011
ssvc Track https://mantisbt.org/bugs/view.php?id=37011
cvssv4 7.2 https://mantisbt.org/bugs/view.php?id=37016
generic_textual HIGH https://mantisbt.org/bugs/view.php?id=37016
ssvc Track https://mantisbt.org/bugs/view.php?id=37016
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-40596
https://github.com/mantisbt/mantisbt
https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
https://mantisbt.org/bugs/view.php?id=37011
https://mantisbt.org/bugs/view.php?id=37016
GHSA-j3v9-553h-x28j https://github.com/advisories/GHSA-j3v9-553h-x28j
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://mantisbt.org/bugs/view.php?id=37011
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://mantisbt.org/bugs/view.php?id=37011
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://mantisbt.org/bugs/view.php?id=37016
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://mantisbt.org/bugs/view.php?id=37016
Exploit Prediction Scoring System (EPSS)
Percentile 0.17837
EPSS Score 0.00056
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T23:09:30.517634+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0