Exploit for Authentication Bypass by Primary Weakness in Mantisbt CVE-2026-30849

Name: Exploit for Authentication Bypass by Primary Weakness in Mantisbt CVE-2026-30849
Rating: 5 (6 reviews)

2026-06-06 | CVSS 9.8

## https://sploitus.com/exploit?id=9DC5C047-3346-54DD-8A66-8510CC489D5C
# CVE-2026-30849.ts — usage

This TypeScript script performs a check and an exploit for MantisBT via SOAP.

## Prerequisites

- Node.js installed
- Dependencies installed:

```bash
npm install
```

## Command

```bash
ts-node CVE-2026-30849.ts check --url 
ts-node CVE-2026-30849.ts exploit --url 
```

```bash
npx ts-node .\CVE-2026-30849.ts check --url http://mantis.local
npx ts-node .\CVE-2026-30849.ts exploit --url http://mantis.local
```

## Expected result

The script prints the detected version and compares it to the patched version `2.28.1`:

- version ` `VULNERABLE`
- version `>= 2.28.1` -> `NOT VULNERABLE`

If the version cannot be retrieved (endpoint unavailable, SOAP/curl error), the script exits with an error status.