Mattermost doesn't limit the size of the request body on the start meeting API endpoint

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

EUVD-2026-30751

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

Mattermost Server 10.11.x < 10.11.13 Improper Validation (MMSA-2026-00603)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00603 advisory. - Mattermost versions 10.11.x prior to 10.11.13 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicio...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation Upgrade...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the authentication process. An attacker can gain unauthorized access to multiple authenticated...

Oracle Linux 8 : mariadb:10.11 (ELSA-2026-6435)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6435 advisory. galera 26.4.23-1 - Rebase to 26.4.23 Judy mariadb 3:10.11.15-1 - Rebase to 10.11.15 - Resolves: RHBZ2417697 3:10.11.14-1 - Rebase to 10.11.14 - Resolve...

mariadb:10.11 security update

galera 26.4.23-1 - Rebase to 26.4.23 Judy mariadb 3:10.11.15-1 - Rebase to 10.11.15 - Resolves: RHBZ2417697 3:10.11.14-1 - Rebase to 10.11.14 - Resolves: RHBZ2386961 3:10.11.13-1 - Rebase to 10.11.13 3:10.11.11-1 - Rebase to 10.11.11...