MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default settings) to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER (level 55) threshold required by the dedicated mc_issue_note_update() function. This vulnerability is fixed in 2.28.2.

Basic Information

ID CVE-2026-42070

Source GitHub_M

Published May 28, 2026 at 20:28

Affected Product

Vendor mantisbt

Product mantisbt

Version < 2.28.2

Affected Versions mantisbt mantisbt < 2.28.2

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default settings) to edit, change view state, and modify time tracking on bugnotes belonging to other users \u2014 bypassing the default DEVELOPER (level 55) threshold required by the dedicated mc_issue_note_update() function. This vulnerability is fixed in 2.28.2.",
    "published": "2026-05-28T20:28:20.369Z",
    "modified": "2026-05-28T20:28:20.369Z",
    "type": "cve",
    "title": "MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API",
    "source": "GitHub_M",
    "references": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-pq86-j2c2-47f6\nhttps://github.com/mantisbt/mantisbt/commit/6e58fae4f22efdc3987f903c8ba2611de17a9435\nhttps://mantisbt.org/bugs/view.php?id=37089\nhttps://mantisbt.org/bugs/view.php?id=37093",
    "id": "CVE-2026-42070",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "mantisbt mantisbt < 2.28.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mantisbt",
    "version": "< 2.28.2",
    "vendor": "mantisbt",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API_CVE-2026-42070