[MEDIUM] MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue

PKSA-mqx4-yq62-zbx3 CVE-2026-34744 GHSA-rmp5-5jj7-gmvf

Affected package: mantisbt/mantisbt

Affected version: <=2.28.1

Reported by:
GitHub