EUVD-2026-30820

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

CVE-2026-33052

MantisBT (MantisBT) versions 2.28.0 and 2.28.1 permit a low-privileged authenticated user with add_profile_threshold to create a global profile by tampering with the user_id in a profile-creation request, enabling an authorization bypass. The issue is fixed in version 2.28.2. Affected component: ...