103 matches found
Mattermost Server 10.11.x <= 10.11.13 / 11.5.x <= 11.5.1 Multiple Vulnerabilities (MMSA-2026-00570 / MMSA-2026-00575 / MMSA-2026-00582 / MMSA-2026-00622)
The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost fails to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the invite confirmation process due to insufficient validation of the RefreshedToken. An attacker can bypass intended token rotation and reuse an original invite token by sending a crafted invite confirmation...
GHSA-HQPJ-F3JH-29VX Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...
Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...
CVE-2026-4273
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...
CVE-2026-4273 Insufficient token rotation validation in remote cluster invite confirmation
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...
CVE-2026-4273
Mattermost contains an insufficient validation flaw in remote cluster invite confirmation. Versions affected: 11.5.x ≤ 11.5.1 and 10.11.x ≤ 10.11.13. The RefreshedToken is not properly checked against the original invite token, allowing an authenticated attacker to bypass token rotation and reuse...
CVE-2026-4273
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...
EUVD-2026-30740
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...
CVE-2026-4273 Insufficient token rotation validation in remote cluster invite confirmation
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...
PT-2026-41643
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...
CVE-2026-43911
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's securitystamp is rotated by some security-sensitive operations password change, KDF change, key rotation, email change, org admin password reset, emergency access...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI
Summary Access tokens created with the "never expire" option have no exp JWT claim. Three independent revocation mechanisms fail for this token type. Logout at internal/handler/auth/auth.go:154 and :163 dereferences claims.ExpiresAt.Time, panicking on the nil field so the token never hits the...
Exploit for CVE-2026-43585
CVE-2026-43585 Overview Prior to version 2026.4.15, OpenC...
EUVD-2026-28182
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...
GHSA-M8WM-R5VQ-QJPG Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmxx-7p24-h892. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain...
CVE-2026-43585
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...
CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...
CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...