3 matches found
CVE-2026-28741
creationtimestamp| type| source ---|---|--- 2026-04-15 12:08:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjudayl732o 2026-04-16 11:35:11+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mjmcwqgahd2b...
CVE-2026-28741
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...
CVE-2026-28741 CSRF Protection Bypass Allows Updating a User's Authentication Method
Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...