CVE-2026-34754

{"id": "CVE-2026-34754", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-05-20T00:16:34.857", "references": [{"url": "https://github.com/mantisbt/mantisbt/commit/b262b4d2835b81394d75356dead66e52a6275206", "source": "security-advisories@github.com"}, {"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h4x5-gvx6-3rwc", "source": "security-advisories@github.com"}, {"url": "https://mantisbt.org/bugs/view.php?id=36976", "source": "security-advisories@github.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2."}], "lastModified": "2026-05-20T14:06:33.993", "sourceIdentifier": "security-advisories@github.com"}