Ghostwire

CVE-2026-40598: MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

MEDIUM CVSS 5.5 Exploit Available

Published: May 11, 2026 | Last Modified: May 11, 2026

Description

MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/mantisbt/mantisbt/security/advisories/GHSA-6jh4-47v2-4g37
github.com/mantisbt/mantisbt/commit/b1ebc57763f104eb5f541b7b4d1ce6948168abd9
mantisbt.org/bugs/view.php?id=37017
github.com/advisories/GHSA-6jh4-47v2-4g37
www.tenable.com/cve/CVE-2026-40598
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-40598