[HIGH] MantisBT has a Content Security Policy bypass via attachments

PKSA-vmj5-ycv9-cm2v CVE-2026-40597 GHSA-9c3j-xm6v-j7j3

Affected package: mantisbt/mantisbt

Affected version: <=2.28.1

Reported by:
GitHub