3 matches found
CVE-2026-5163
Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...
CVE-2026-5163
Mattermost 11.5.x prior to 11.5.2 (up to 11.5.1 affected) fails to verify channel membership when processing AI-assisted message rewrites, allowing an authenticated user to read content from threads in private channels and direct messages they should not access via a crafted request to the post r...
CVE-2026-5163 Missing authorization check in AI message rewrite endpoint allows access to private thread content
Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...