CVE-2026-4858

🗓️ 21 May 2026 08:12:11Reported by MattermostType

CVE-2026-4858 enables path traversal in action URL to call arbitrary API with system token.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2026-4858	21 May 202608:12	–	attackerkb
Circl	CVE-2026-4858	19 May 202600:51	–	circl
CNNVD	Mattermost 路径遍历漏洞	21 May 202600:00	–	cnnvd
Cvelist	CVE-2026-4858 Path traversal in integration action URL leading to arbitrary API execution via system admin’s auth token.	21 May 202608:12	–	cvelist
EUVD	EUVD-2026-31242	21 May 202608:12	–	euvd
Tenable Nessus	Mattermost Server 10.11.x < 10.11.15 / 11.4.x < 11.4.5 / 11.5.x < 11.5.4 / 11.6.x < 11.6.1 Path Traversal (MMSA-2026-00640)	28 May 202600:00	–	nessus
NVD	CVE-2026-4858	21 May 202609:16	–	nvd
Positive Technologies	PT-2026-42439	21 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-4858	5 Jun 202619:14	–	redhatcve
Snyk	Directory Traversal	21 May 202611:46	–	snyk

NVD

Node

mattermost mattermost_serverRange10.11.0–10.11.15

mattermost mattermost_serverRange11.4.0–11.4.5

mattermost mattermost_serverRange11.5.0–11.5.4

mattermost mattermost_serverMatch11.6.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "11.6.0",
        "status": "affected",
        "version": "11.6.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "11.5.3",
        "status": "affected",
        "version": "11.5.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "11.4.4",
        "status": "affected",
        "version": "11.4.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.11.14",
        "status": "affected",
        "version": "10.11.0",
        "versionType": "semver"
      },
      {
        "version": "11.7.0",
        "status": "unaffected"
      },
      {
        "version": "11.6.1",
        "status": "unaffected"
      },
      {
        "version": "11.5.4",
        "status": "unaffected"
      },
      {
        "version": "11.4.5",
        "status": "unaffected"
      },
      {
        "version": "10.11.15",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

21 May 2026 19:43Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18 - 9.9

EPSS0.00046

SSVC

CWE-22