ByteOS Network

NVD Vulnerability Details :

CVE-2026-34744

Received

Source-security-advisories@github.com

Published At-19 May, 2026 | 23:16

Updated At-19 May, 2026 | 23:16

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this vulnerability is minimal, considering that only attachments previously uploaded by the user themselves remain accessible. This issue has been fixed in version 2.82.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	security-advisories@github.com
CWE-281	Primary	security-advisories@github.com

CWE ID: CWE-200

Type: Primary

Source: security-advisories@github.com

CWE ID: CWE-281

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/mantisbt/mantisbt/commit/de7bdeec36de066235e38a77bf056917d951c84d	security-advisories@github.com	N/A
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-rmp5-5jj7-gmvf	security-advisories@github.com	N/A
https://mantisbt.org/bugs/view.php?id=36977	security-advisories@github.com	N/A