anonhaven
Ad

CVE-2026-30849

CRITICAL CVSS 4.0: 9.3 EPSS 0.09%
Updated Mar 25, 2026
MySQL
Parameter Value
CVSS 9.3 (CRITICAL)
Affected Versions before 2.28.1
Fixed In 2.28.1
Type CWE-305
Vendor MySQL
Public PoC No

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion from string to integer.

Using a crafted SOAP envelope, an attacker knowing the victim's username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to. Version 2.28.1 contains a patch. Disabling the SOAP API significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-305

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Mantisbt Mantisbt
cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
 2.28.1

References 2

https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a…
security-advisories@github.com
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-4021

MySQL

8.1

CVE-2019-25576

MySQL

8.8

CVE-2026-32710

MySQL

8.5

CVE-2026-32949

MySQL

8.7

CVE-2026-32763

MySQL

8.2