Vulnerability Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2.
Related Weaknesses (CWE)
References
- https://github.com/mantisbt/mantisbt/commit/71df1f67e05b2050cd4bd87839e6cc13747c
- https://github.com/mantisbt/mantisbt/security/advisories/GHSA-crmx-4p49-46m2
- https://mantisbt.org/bugs/view.php?id=36978
- https://mantisbt.org/bugs/view.php?id=36978
FAQ
What is CVE-2026-34970?
CVE-2026-34970 is a documented vulnerability. Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. Thi...
How severe is CVE-2026-34970?
CVSS scoring is not yet available for CVE-2026-34970. Check NVD for updates.
Is there a patch for CVE-2026-34970?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.