CVE-2026-30849CRITICAL 9.8EPSS p32.8%

CVE-2026-30849CVE-2026-30849

Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion from string to integer. Using a crafted SOAP envelope, an attacker knowing the victim's username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to. Version 2.28.1 contains a patch. Disabling the SOAP API significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.41% probability of exploitation · percentile 32.8% · 2026-06-19T12:03:05Z
Published2026-03-23
Last modified2026-03-25

Underlying weaknesses· 1

CWE-305

References

  1. https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f
  2. https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh

1

TypeTargetConfidenceTier
WeaknessAuthentication Bypass by Primary Weaknesscwe-3050%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-47776
CVE
CVE-2026-37749
CVE
CVE-2025-70833
CVE
CVE-2026-48242
CVE
CVE-2026-29861
CVE
CVE-2026-24913
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.