113 matches found
CVE-2026-8683
Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...
CVE-2026-8683
Mattermost Desktop App
CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed
Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...
PT-2026-49243
Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions prior to 6.1 Mattermost Desktop App version 5.5.13.0 Description The application fails to properly handle attempts to open extremely long URLs. A malicious server owner can cause the application to crash by...
EUVD-2026-30757
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...
CVE-2026-4643
Mattermost Desktop App versions ≤ 6.1, 6.0.1, and 5.4.13.0 are affected by a flaw where server-rendered content can invoke window.close() in the renderer context, causing the underlying application view to close and yielding a client‑level denial of service. Root cause: the app fails to prevent s...
EUVD-2026-30758
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...
CVE-2026-4643 Calling window.close() from server-side content causes crash in the Mattermost Desktop App
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...
CVE-2026-4643
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...
Mattermost Desktop App 代码问题漏洞
The Mattermost Desktop App is a desktop application for message communication developed by the American company Mattermost. Versions 6.1, 6.0.1, and 5.4.13.0 of the Mattermost Desktop App have code vulnerabilities. These vulnerabilities stem from a failure to prevent servers from rendering conten...
CVE-2026-1628
Mattermost Desktop App versions =5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...
EUVD-2026-9174
Mattermost Desktop App versions =5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...
CVE-2026-1046
Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...
CVE-2026-1046 Arbitrary application execution via unvalidated server-controlled URLs in Help menu
Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...
Mattermost Desktop App 安全漏洞
The Mattermost Desktop App is a desktop application for message communication developed by the American company Mattermost. Versions 6.0, 6.2.0, and 5.2.13.0 of the Mattermost Desktop App have security vulnerabilities. These vulnerabilities stem from unvalidated help links, which could allow...
CVE-2019-20861
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link...
CVE-2019-20856
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection...
CVE-2024-39772
Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...
CVE-2024-39613
Mattermost Desktop App versions =5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine...
CVE-2025-1398
Mattermost Desktop App versions =5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control TCC via code injection...