CVE-2026-40607

Summary

MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column

Severity

high

EPSS

0.5% (p38)

Also known as

GHSA-f633-865q-2mhh

Published

2026-05-11

References

• https://github.com/mantisbt/mantisbt/security/advisories/GHSA-f633-865q-2mhh
• https://nvd.nist.gov/vuln/detail/CVE-2026-40607
• https://github.com/mantisbt/mantisbt/commit/44f490bcf20fd491c1b8f3fc9dd041d8c2a30010

Related advisories

• CVE-2026-30849 — critical · Packagist/mantisbt/mantisbt
• CVE-2026-44657 — high · Packagist/mantisbt/mantisbt
• CVE-2026-44655 — high · Packagist/mantisbt/mantisbt
• CVE-2026-42071 — high · Packagist/mantisbt/mantisbt
• CVE-2026-40597 — high · Packagist/mantisbt/mantisbt
• CVE-2026-40596 — high · Packagist/mantisbt/mantisbt
• CVE-2026-34463 — high · Packagist/mantisbt/mantisbt
• CVE-2026-33548 — high · Packagist/mantisbt/mantisbt

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity