11 matches found
CVE-2026-3472
Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...
CVE-2026-3472
CVE-2026-3472 affects Mattermost where specific versions (10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x
CVE-2026-27570
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...
AI Pulse: What Circadian Rhythms Reveal About AI Bot Behavior
...
CVE-2025-30392 Azure AI Bot Elevation of Privilege Vulnerability
...
CVE-2025-30392 Azure AI Bot Elevation of Privilege Vulnerability
...
Incorrect Authorization
github.com/mattermost/mattermost-server is vulnerable to Incorrect Authorization. The vulnerability is due to insufficient access control mechanisms within the integration between the AI and Wrangler plugins in Mattermost. Specifically, Mattermost fails to properly validate or restrict the use of...
CVE-2025-24839
Mattermost CVE-2025-24839 affects Mattermost Server 9.11.x <= 9.11.9, 10.4.x <= 10.4.3, and 10.5.x
CVE-2025-24839 Unauthorized AI bot activation via Wrangler plugin
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
CVE-2025-24839 Unauthorized AI bot activation via Wrangler plugin
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...
Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women
A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored...