CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

EUVD-2026-19231

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

CVE-2026-3524 Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

CVE-2026-3524

CVE-2026-3524 affects Mattermost Plugin Legal Hold versions