5 matches found
CVE-2026-6343 Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...
Incorrect Authorization
Overview github.com/mattermost/mattermost-plugin-playbooks/server/app is a package for reliable and repeatable processes using checklists, automation, and retrospectives Affected versions of this package are vulnerable to Incorrect Authorization through improper enforcement of channel member...
GHSA-3G36-GF7C-75QW Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of servi...
Mattermost Resource Management Error Vulnerability
Mattermost is an open source collaboration platform from the US-based company Mattermost. Mattermost suffers from a security vulnerability that stems from allowing an attacker to send specially crafted requests to cause the Playbooks plugin to crash...
Mattermost Plugin Playbooks Security Vulnerability
Mattermost Plugins is a plugin from Mattermost USA that provides powerful feature extensions and tight integration with both server and web/desktop applications. An elevation of privilege vulnerability exists in Mattermost Playbooks Plugin version 1.25 and earlier, which stems from incorrectly...