HomeCVE Intelligence › CVE-2026-40596
CVSS 7.5 HIGH Vulnerability

CVE-2026-40596: MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font fami…

Any authenticated user can inject arbitrary HTML via updating their account's font family. Impact Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability (CS…

7.5CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-40596
Vendorcomposer
Affected Productmantisbt/mantisbt
Vulnerability TypeVulnerability
CVSS Score7.5 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Any authenticated user can inject arbitrary HTML via updating their account's font family.

Impact

Cross-site scripting. The injected payload will be reflected in every MantisBT page. Leveraging another vulnerability (CSP bypass, see [GHSA-9c3j-xm6v-j7j3](https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3)), the attacker could achieve account takeover.

Patches

• 9e8409cdd979eba86ef532756fc47c1d8112d22d

Workarounds

None

Credits

Thanks to siunam (Tang Cheuk Hei) for discovering and responsibly reporting the issue.

🎯 Known Indicators of Compromise

{"type":"sha1","value":"9e8409cdd979eba86ef532756fc47c1d8112d22d","confidence_score":0.9,"first_seen":"2026-05-11","source_count":1} {"type":"url","value":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3)),","confidence_score":0.82,"first_seen":"2026-05-11","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-40596 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence