CVE-2026-6342

🗓️ 18 May 2026 07:00:24Reported by MattermostType

CVE-2026-6342: Mattermost plugins allow subscriptions to groups not whitelisted by creating groups with the same prefix.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-6342	18 May 202607:00	–	attackerkb
CNNVD	Mattermost Plugins 安全漏洞	18 May 202600:00	–	cnnvd
Cvelist	CVE-2026-6342 Group prefix matching bypass for subscriptions	18 May 202607:00	–	cvelist
EUVD	EUVD-2026-30745	18 May 202607:00	–	euvd
NVD	CVE-2026-6342	18 May 202608:16	–	nvd
Positive Technologies	PT-2026-41647	18 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-6342	5 Jun 202619:32	–	redhatcve
Snyk	Incorrect Authorization	18 May 202609:45	–	snyk
Vulnrichment	CVE-2026-6342 Group prefix matching bypass for subscriptions	18 May 202607:00	–	vulnrichment

NVD

Node

mattermost mattermost_serverRange10.13.0–10.13.11

mattermost mattermost_serverRange11.1.0–11.1.5

mattermost mattermost_serverRange11.3.0–11.3.4

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "11.1.5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.13.11",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "11.3.4",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "version": "11.6.0",
        "status": "unaffected"
      },
      {
        "version": "11.5.2",
        "status": "unaffected"
      },
      {
        "version": "10.11.14",
        "status": "unaffected"
      },
      {
        "version": "11.4.4",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

29 May 2026 19:11Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.3

EPSS0.00031

SSVC

CWE-863