Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-bx5c-hd4c-r3hn
Vulnerability ID VCID-bx5c-hd4c-r3hn
Aliases CVE-2026-34744
GHSA-rmp5-5jj7-gmvf
Summary MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue MantisBT permits a user to list and download their own attachments from an Issue created by another user, even after that Issue becomes private and direct access to it is denied. ### Impact The loss of confidentiality caused by this vulnerability is minimal, considering that only the attachments that were previously uploaded by the user themselves remains accessible. ### Patches - de7bdeec36de066235e38a77bf056917d951c84d ### Workarounds None. ### Credits Thanks to Vishal Shukla for discovering and responsibly reporting the issue.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-281 Improper Preservation of Permissions
System Score Found at
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2026-34744
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2026-34744
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2026-34744
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-rmp5-5jj7-gmvf
cvssv4 5.3 https://github.com/mantisbt/mantisbt
generic_textual MODERATE https://github.com/mantisbt/mantisbt
cvssv4 5.3 https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d
generic_textual MODERATE https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d
ssvc Track https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d
cvssv3.1_qr MODERATE https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf
cvssv4 5.3 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf
generic_textual MODERATE https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf
cvssv4 5.3 https://mantisbt.org/bugs/view.php?id=36977
generic_textual MODERATE https://mantisbt.org/bugs/view.php?id=36977
ssvc Track https://mantisbt.org/bugs/view.php?id=36977
cvssv4 5.3 https://nvd.nist.gov/vuln/detail/CVE-2026-34744
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2026-34744
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-34744
https://github.com/mantisbt/mantisbt
https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf
https://mantisbt.org/bugs/view.php?id=36977
https://nvd.nist.gov/vuln/detail/CVE-2026-34744
GHSA-rmp5-5jj7-gmvf https://github.com/advisories/GHSA-rmp5-5jj7-gmvf
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/mantisbt/mantisbt
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:19:00Z/ Found at https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:19:00Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://mantisbt.org/bugs/view.php?id=36977
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T17:19:00Z/ Found at https://mantisbt.org/bugs/view.php?id=36977
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-34744
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.02532
EPSS Score 0.00014
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:03:56.577556+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-rmp5-5jj7-gmvf/GHSA-rmp5-5jj7-gmvf.json 38.6.0