CVE-2026-4274

🗓️ 26 Mar 2026 10:43:24Reported by MattermostType

remote clusters can grant team access during membership sync, exposing private team access.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2026-4274	26 Mar 202610:43	–	attackerkb
Circl	CVE-2026-3109	27 Mar 202603:00	–	circl
Circl	CVE-2026-3112	27 Mar 202603:00	–	circl
Circl	CVE-2026-3113	27 Mar 202603:00	–	circl
Circl	CVE-2026-3114	27 Mar 202603:00	–	circl
Circl	CVE-2026-3115	27 Mar 202603:00	–	circl
Circl	CVE-2026-3116	27 Mar 202603:00	–	circl
Circl	CVE-2026-4274	16 Apr 202611:35	–	circl
CNNVD	Mattermost 安全漏洞	26 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-4274 Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access	26 Mar 202610:43	–	cvelist

NVD

Node

mattermost mattermost_serverRange10.11.0–10.11.11

mattermost mattermost_serverRange11.2.0–11.2.3

mattermost mattermost_serverRange11.3.0–11.3.2

mattermost mattermost_serverRange11.4.0–11.4.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "11.2.2",
        "status": "affected",
        "version": "11.2.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.11.10",
        "status": "affected",
        "version": "10.11.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "11.4.0",
        "status": "affected",
        "version": "11.4.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "11.3.1",
        "status": "affected",
        "version": "11.3.0",
        "versionType": "semver"
      },
      {
        "version": "11.5.0",
        "status": "unaffected"
      },
      {
        "version": "11.2.3",
        "status": "unaffected"
      },
      {
        "version": "10.11.11",
        "status": "unaffected"
      },
      {
        "version": "11.4.1",
        "status": "unaffected"
      },
      {
        "version": "11.3.2",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

26 Mar 2026 18:48Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.4

EPSS0.0004

SSVC

CWE-863