[HIGH] MantisBT has a Private Bugnote Attachment Content Leak via REST API

PKSA-d3fh-4w7k-rvy1 CVE-2026-42071 GHSA-pw5x-2mf9-3xc8

Affected package: mantisbt/mantisbt

Affected version: >=2.23.0,<=2.28.1

Reported by:
GitHub