CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts

🗓️ 18 May 2026 06:53:29Reported by MattermostType

Mattermost fails to enforce create_post during edits, allowing revoked users to modify posts via updates.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2026-3637	18 May 202606:53	–	attackerkb
Circl	CVE-2026-3637	18 May 202608:30	–	circl
CNNVD	Mattermost 安全漏洞	18 May 202600:00	–	cnnvd
CVE	CVE-2026-3637	18 May 202606:53	–	cve
EUVD	EUVD-2026-30741	18 May 202606:53	–	euvd
Github Security Blog	Mattermost doesn't check the create_post channel permission during post edit operations	18 May 202609:31	–	github
Tenable Nessus	Mattermost Server 10.11.x <= 10.11.13 / 11.4.x <= 11.4.3 / 11.5.x <= 11.5.1 Multiple Vulnerabilities (MMSA-2026-00573 / MMSA-2026-00576 / MMSA-2026-00591 / MMSA-2026-00605 / MMSA-2026-00607 / MMSA-2026-00608 / MMSA-2026-00614 / MMSA-2026-00627)	22 May 202600:00	–	nessus
NVD	CVE-2026-3637	18 May 202608:16	–	nvd
OSV	GHSA-V549-XX3C-6PC8 Mattermost doesn't check the create_post channel permission during post edit operations	18 May 202609:31	–	osv
Positive Technologies	PT-2026-41642	18 May 202600:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "11.5.1",
        "status": "affected",
        "version": "11.5.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.11.13",
        "status": "affected",
        "version": "10.11.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "11.4.3",
        "status": "affected",
        "version": "11.4.0",
        "versionType": "semver"
      },
      {
        "version": "11.6.0",
        "status": "unaffected"
      },
      {
        "version": "11.5.2",
        "status": "unaffected"
      },
      {
        "version": "10.11.14",
        "status": "unaffected"
      },
      {
        "version": "11.4.4",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

18 May 2026 06:53Current

CVSS 3.14.3

EPSS0.00152

CWE-862