Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-x3u5-kbm7-jbgh
Vulnerability ID VCID-x3u5-kbm7-jbgh
Aliases CVE-2026-40596
GHSA-j3v9-553h-x28j
Summary Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon exploitation, an XSS payload would be reflected on every MantisBT page. Leveraging another vulnerability (CSP bypass, see GHSA-9c3j-xm6v-j7j3), the attacker could achieve account takeover. This issue has been fixed in version 2.28.2.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2026-40596
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2026-40596
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2026-40596
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2026-40596
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-j3v9-553h-x28j
cvssv4 7.2 https://github.com/mantisbt/mantisbt
generic_textual HIGH https://github.com/mantisbt/mantisbt
cvssv4 7.2 https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
generic_textual HIGH https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
ssvc Track https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
cvssv4 7.2 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
generic_textual HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
cvssv3.1_qr HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
cvssv4 7.2 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
generic_textual HIGH https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
cvssv4 7.2 https://mantisbt.org/bugs/view.php?id=37011
generic_textual HIGH https://mantisbt.org/bugs/view.php?id=37011
ssvc Track https://mantisbt.org/bugs/view.php?id=37011
cvssv4 7.2 https://mantisbt.org/bugs/view.php?id=37016
generic_textual HIGH https://mantisbt.org/bugs/view.php?id=37016
ssvc Track https://mantisbt.org/bugs/view.php?id=37016
cvssv4 7.2 https://nvd.nist.gov/vuln/detail/CVE-2026-40596
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-40596
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-40596
https://github.com/mantisbt/mantisbt
https://nvd.nist.gov/vuln/detail/CVE-2026-40596
9e8409cdd979eba86ef532756fc47c1d8112d22d https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
GHSA-9c3j-xm6v-j7j3 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
GHSA-j3v9-553h-x28j https://github.com/advisories/GHSA-j3v9-553h-x28j
GHSA-j3v9-553h-x28j https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
view.php?id=37011 https://mantisbt.org/bugs/view.php?id=37011
view.php?id=37016 https://mantisbt.org/bugs/view.php?id=37016
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://github.com/mantisbt/mantisbt/commit/9e8409cdd979eba86ef532756fc47c1d8112d22d
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j3v9-553h-x28j
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://mantisbt.org/bugs/view.php?id=37011
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://mantisbt.org/bugs/view.php?id=37011
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://mantisbt.org/bugs/view.php?id=37016
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-22T20:10:08Z/ Found at https://mantisbt.org/bugs/view.php?id=37016
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L Found at https://nvd.nist.gov/vuln/detail/CVE-2026-40596
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.17888
EPSS Score 0.00056
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:53:08.472039+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/40xxx/CVE-2026-40596.json 38.6.0