A vulnerability classified as critical has been found in mantisbt Mantis Bug Tracker up to 2.28.1 . This vulnerability affects unknown code of the file manage_proj_user_add.php of the component Custom Fields Handler . This manipulation causes improper access controls. This vulnerability is handled as CVE-2026-34390 . The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.