Lucene search

9 matches found

CVE, added yesterday

CVE-2026-57522

Summary (CVE-2026-57522): Bitwarden Server versions prior to 2026.5.0 are affected by a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), which substitutes user-controlled values into event-integration templates without JSON encoding. If an organization uses an event i...

CVSS 3.5, AI score 6
Exploits: 0, References: 5
RedhatCVE, added 2026/06/05 7:32 p.m.

CVE-2026-6339

Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint, which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag. Mattermost...

CVSS 4.3, AI score 5.5, EPSS 0.00113
Exploits: 0, References: 1
Positive Technologies, added 2026/05/20 12:00 a.m.

PT-2026-42269

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation, unlike the regular AnalyticsEndpoint, which checks it against an allowlist, causing ORM Field...

CVSS 6.5, AI score 5.8, EPSS 0.00295
Exploits: 1, References: 3
NVD, added 2026/05/18 9:16 a.m.

CVE-2026-6339

Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint, which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag. Mattermost...

CVSS 4.3, EPSS 0.00113
Exploits: 0, References: 1
CVE, added 2026/05/18 8:05 a.m.

CVE-2026-6339

Mattermost contains a vulnerability (CVE-2026-6339) in versions 11.5.x <= 11.5.1 and 11.4.x

CVSS 4.3, AI score 5.8, EPSS 0.00113
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment, added 2026/05/18 8:05 a.m.

CVE-2026-6339 Missing request origin validation on burn-on-read reveal endpoint

Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint, which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag. Mattermost...

CVSS 4.3, AI score 5.8, EPSS 0.00113
Exploits: 0, References: 1
Positive Technologies, added 2026/05/18 12:00 a.m.

PT-2026-41657

Name of the Vulnerable Software and Affected Versions: Mattermost versions 11.4.x through 11.4.3; Mattermost versions 11.5.x through 11.5.1. Description: An issue exists where the burn-on-read reveal endpoint fails to validate the 'X-Requested-With' header. This allows an authenticated channel member...

CVSS 4.3, AI score 5.8, EPSS 0.00113
Exploits: 0, References: 11
OSV, added 2026/03/16 3:30 p.m.

GHSA-5MR9-CRCG-8WH2 Mattermost fails to use consistent error responses when handling the /mute command

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command, which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

CVSS 4.3, AI score 5.8, EPSS 0.00184
Exploits: 0, References: 4
Prion, added 2020/07/27 6:15 p.m.

Default configuration

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...

CVSS 4, AI score 4.9, EPSS 0.01029
Exploits: 0, References: 2, Affected Software: 1