[CRITICAL] MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL

PKSA-cwyv-kt56-ndf5 CVE-2026-30849 GHSA-phrq-pc6r-f6gh

Affected package: mantisbt/mantisbt

Affected version: <2.28.1

Reported by:
GitHub