CVE-2026-34390 | mantisbt Mantis Bug Tracker up to 2.28.1 Custom Fields manage_proj_user_add.php access control (GHSA-frf7-jhp9-jxm6)

A vulnerability classified as critical has been found in mantisbt Mantis Bug Tracker up to 2.28.1. This vulnerability affects unknown code of the file manage_proj_user_add.php of the component Custom Fields Handler. This manipulation causes improper access controls.

This vulnerability is handled as CVE-2026-34390. The attack can be initiated remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More