Authentication Bypass in Mantis Bug Tracker SOAP API
CVE-2026-30849
What is CVE-2026-30849?
CVE-2026-30849 is a vulnerability found in the Mantis Bug Tracker (MantisBT), an open-source issue tracking system designed to help teams manage their software projects more effectively. This specific vulnerability pertains to the SOAP API of MantisBT in versions prior to 2.28.1, particularly when used with MySQL family databases. It stems from inadequate type checking of the password parameter, allowing attackers to bypass authentication mechanisms. By crafting a specially designed SOAP envelope and knowing only a victim’s username, an attacker can gain unauthorized access to the SOAP API. Once inside, the attacker can execute functions available to the victim’s account, potentially leading to unauthorized actions and data exposure.
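The defensive pattern the fix relies on is a strict type gate on the credential parameters before any comparison or database lookup happens. The following PHP is an added example written for this page, not MantisBT's own code; the function names, the hypothetical SOAP parameter names and the sample hash are all constructed for illustration.

```php
<?php
// Added example, not MantisBT's code: refuse any SOAP login parameter that is
// not a plain non-empty string before it can reach a password comparison or a
// database query. Function and parameter names are hypothetical.

declare(strict_types=1);

function validateSoapCredentials(mixed $username, mixed $password): array
{
    // Arrays, objects, booleans, integers and null must never reach the
    // credential check; SOAP deserialisation can produce any of them.
    foreach (['username' => $username, 'password' => $password] as $name => $value) {
        if (!is_string($value) || $value === '') {
            throw new InvalidArgumentException("$name must be a non-empty string");
        }
    }
    return ['username' => $username, 'password' => $password];
}

function authenticateSoapLogin(mixed $username, mixed $password, callable $verifier): bool
{
    try {
        $creds = validateSoapCredentials($username, $password);
    } catch (InvalidArgumentException $e) {
        // A malformed type on a login call is worth alerting on, not just failing.
        error_log('SOAP login rejected (type check): ' . $e->getMessage());
        return false;
    }
    // Only well-typed strings get compared against the stored hash.
    return $verifier($creds['username'], $creds['password']);
}

// Constructed sample user: "alice" with the password "correct horse".
$storedHash = password_hash('correct horse', PASSWORD_BCRYPT);
$verifier = fn(string $u, string $p): bool =>
    $u === 'alice' && password_verify($p, $storedHash);

// Well-typed string credentials go through the normal hash comparison;
// every non-string password value is rejected before that comparison runs.
var_dump(authenticateSoapLogin('alice', 'correct horse', $verifier));
var_dump(authenticateSoapLogin('alice', 'wrong password', $verifier));
var_dump(authenticateSoapLogin('alice', ['not', 'a', 'string'], $verifier));
var_dump(authenticateSoapLogin('alice', true, $verifier));
var_dump(authenticateSoapLogin('alice', null, $verifier));
```

The same gate applies to any other SOAP parameter that ends up in an authentication or authorisation decision; the point is that a parameter's type is validated, not merely its value.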
Potential Impact of CVE-2026-30849
- Unauthorized Access to User Accounts: Attackers exploiting this vulnerability can log in as legitimate users without needing their passwords, granting them the capability to manipulate project data or access sensitive information within the system.
- Data Exposure: By gaining access through the SOAP API, an attacker can retrieve sensitive user account details, such as email addresses and real names, leading to potential privacy violations and further targeted attacks.
- Operational Disruption: Malicious actions taken by unauthorized users could disrupt the normal functioning of the MantisBT instance, impacting project management, team communication, and overall productivity for organizations relying on this tool.
Affected Version(s)
mantisbt < 2.28.1
