61 matches found
CVE-2026-5139
Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...
CVE-2026-5139
Mattermost plugin vulnerability CVE-2026-5139 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17. The issue arises in the /gitlab connect command handler where administrator authorization is not enforced for the setDefaultInstance call, allowing any ...
CVE-2026-5139 GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration
Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...
EUVD-2026-38246
Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...
PT-2026-51304
Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description Improper authorization in the GitLab connect command handler allows any authenticated user to overwrite the global default...
CVE-2026-6333
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash command trigger to match an already-registered trigger, potentially hijacking command...
Mattermost doesn't validate the Host header when constructing response URLs for custom slash command
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...
Mattermost doesn't enforce slash command trigger-word uniqueness during command updates
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...
CVE-2026-6333
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...
CVE-2026-28732
Mattermost fixes are for versions 11.5.x (up to 11.5.1), 10.11.x (up to 10.11.13), and 11.4.x (up to 11.4.3). The issue is a failure to enforce slash command trigger-word uniqueness during command updates, allowing an authenticated team member with Manage Own Slash Commands permission to hijack o...
CVE-2026-28732 Slash command trigger-word update allowed command hijacking
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...
CVE-2026-28732
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...
CVE-2026-28732 Slash command trigger-word update allowed command hijacking
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...
PT-2026-41649
Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.5.2 Mattermost versions prior to 10.11.14 Mattermost versions prior to 11.4.4 Description An issue exists where the system fails to enforce trigger-word uniqueness during the update of slash commands. This allow...
Mattermost 代码问题漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have code vulnerabilities. These vulnerabilities stem from the lack of validation of the...
GHSA-9Q36-67VC-RRWG OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions
Summary Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessionsspawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...
CVE-2026-28392
OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open must be configured. Attackers can execute privileged slash commands via direct message to bypass...
CVE-2026-28392 OpenClaw < 2026.2.14 - Privilege Escalation in Slack Slash Command Handler via Direct Messages
OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open must be configured. Attackers can execute privileged slash commands via direct message to bypass...
CVE-2026-28392 OpenClaw < 2026.2.14 - Privilege Escalation in Slack Slash Command Handler via Direct Messages
OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open must be configured. Attackers can execute privileged slash commands via direct message to bypass...