CVE-2026-42071 | mantisbt Mantis Bug Tracker up to 2.28.1 REST API Endpoint files mc_issue_attachment_get authorization

A vulnerability, which was classified as critical, was found in mantisbt Mantis Bug Tracker up to 2.28.1. This issue affects the function mc_issue_attachment_get of the file /api/rest/issues/{id}/files of the component REST API Endpoint. The manipulation results in missing authorization.

This vulnerability is reported as CVE-2026-42071. The attack can be launched remotely. No exploit exists.

You should upgrade the affected component.VulDB Recent EntriesRead More