CVE-2026-44657

NONE

—CVSS v3

—CVSS v2

0.07% EPSS (exploit probability)

CWE-79CWE

Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability is fixed in 2.28.2.

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE