PT-2025-44808 · Unknown · Mantis Bug Tracker

Published: 2025-11-03 · Updated: 2025-11-05 · CVE-2025-46556

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker versions 2.27.1 and below

Description: Mantis Bug Tracker is an open source issue tracker. A lack of server-side validation of note length allows attackers to permanently corrupt issue activity logs by submitting extremely long notes, tested with 4,788,761 characters. Once a note of this length is added, the activity stream user interface fails to render, preventing the display of new notes and disrupting collaboration on the issue.

Recommendations: Update to version 2.27.2 or later.
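The weakness described above is a missing server-side length check on submitted notes. The following is an added example, not Mantis code, of the check a handler should perform before a note reaches storage; the function names, the limit values and the in-memory activity log are assumptions for this illustration.

```python
# Added example (not Mantis code): enforce a note length limit server-side,
# so an oversized note is rejected before it is written to the activity log.

MAX_NOTE_CHARS = 65_535              # assumed limit; choose one matching the storage column
MAX_NOTE_BYTES = 4 * MAX_NOTE_CHARS  # UTF-8 worst case, for a column sized in bytes


class NoteTooLong(ValueError):
    """Raised when a submitted note exceeds the configured limit."""


def validate_note(text: str) -> str:
    """Return the note unchanged if it fits, otherwise raise NoteTooLong.

    Both the character count and the UTF-8 byte length are checked, so that
    multibyte input cannot pass a character count yet exceed a byte-sized column.
    """
    if not isinstance(text, str):
        raise TypeError("note must be a str")
    n_chars = len(text)
    if n_chars > MAX_NOTE_CHARS:
        raise NoteTooLong(f"note has {n_chars} characters, limit {MAX_NOTE_CHARS}")
    n_bytes = len(text.encode("utf-8"))
    if n_bytes > MAX_NOTE_BYTES:
        raise NoteTooLong(f"note is {n_bytes} bytes, limit {MAX_NOTE_BYTES}")
    return text


def add_note(issue_log: list, text: str) -> bool:
    """Validate first, then append; the log is never touched by a rejected note.

    Returns True when the note was stored and False when it was rejected
    (a real handler would answer with an HTTP 4xx in the False case).
    """
    try:
        issue_log.append(validate_note(text))
    except NoteTooLong:
        return False
    return True


if __name__ == "__main__":
    log = []
    print(add_note(log, "Reproduced on 2.27.1"))   # True
    print(add_note(log, "x" * 4_788_761))         # False: the oversized note is refused
    print(len(log))                               # 1: the activity log stays renderable
```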


Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers: CVE-2025-46556, GHSA-R3JF-HM7Q-QFW5

Affected Products: Mantis Bug Tracker