Skip to main content

CVE-2026-34754

MEDIUM
Improper Access Control (CWE-284)
2026-05-11 https://github.com/mantisbt/mantisbt GHSA-h4x5-gvx6-3rwc
4.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 11, 2026 - 19:33 nvd
MEDIUM 4.3

DescriptionGitHub Advisory

Impact

MantisBT allows an authenticated user to upload attachments to private Issues they are not authorized to access.

Patches

  • b262b4d2835b81394d75356dead66e52a6275206

Workarounds

None.

Credits

Thanks to Vishal Shukla for discovering and responsibly reporting the issue.

Analysis

Impact

MantisBT allows an authenticated user to upload attachments to private Issues they are not authorized to access.

Patches

  • b262b4d2835b81394d75356dead66e52a6275206

Workarounds

None.

Credits

Thanks to Vishal Shukla for discovering and responsibly reporting the issue.

Share

CVE-2026-34754 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy