A critical vulnerability (CVE-2026-30849) has been identified in MantisBT 2.28.0 and earlier releases, affecting instances running on MySQL and compatible databases.
MantisBT 2.28.1 includes a fix addressing the issue and will be available on Monday, March 16th 2026, around 12:00 UTC. Be ready to patch your system right away! All installations are advised to upgrade as quickly as possible.
Please read our blog post for further details.
Critical Security Issue in MantisBT <= 2.28.0