CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/05/22 12:0 a.m.•7 views

Mattermost Server 11.4.x <= 11.4.3 / 11.5.x <= 11.5.1 Origin Validation Error (MMSA-2026-00636)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00636 advisory. - Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an...

Snyk•added 2026/05/18 11:45 a.m.•6 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the burn-on-read reveal endpoint due to missing validation of the X-Requested-With header. An attacker can force the unauthorized reveal of a burn-on-read message without recipient consent by sending a crafte...

5.3CVSS5.8AI score0.00016EPSS

Github Security Blog•added 2026/05/18 9:31 a.m.•7 views

Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint

Exploits0References4Affected Software2

OSV•added 2026/05/18 9:31 a.m.•5 views

GHSA-XVCX-MGPC-5XH3 Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint

NVD•added 2026/05/18 9:16 a.m.•11 views

Exploits0References4

CVE-2026-6339

4.3CVSS0.00016EPSS

ATTACKERKB•added 2026/05/18 8:5 a.m.•7 views

CVE-2026-6339

Exploits0References2Affected Software1

EUVD•added 2026/05/18 8:5 a.m.•13 views

EUVD-2026-30749

CVE•added 2026/05/18 8:5 a.m.•14 views

CVE-2026-6339

Mattermost contains a vulnerability (CVE-2026-6339) in versions 11.5.x <= 11.5.1 and 11.4.x

Exploits0References1Affected Software1

Vulnrichment•added 2026/05/18 8:5 a.m.•6 views

CVE-2026-6339 Missing request origin validation on burn-on-read reveal endpoint

Cvelist•added 2026/05/18 8:5 a.m.•34 views

CVE-2026-6339 Missing request origin validation on burn-on-read reveal endpoint

4.3CVSS0.00016EPSS

CNNVD•added 2026/05/18 12:0 a.m.•5 views

Mattermost 访问控制错误漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, as well as 11.4.3 and earlier 11.4.x series, have a access control vulnerability. This vulnerability stems from the failure to validat...

Positive Technologies•added 2026/05/18 12:0 a.m.•8 views

PT-2026-41657

SUSE CVE•added 2026/03/28 6:28 p.m.•1 views

SUSE CVE-2026-2578

Mattermost versions 11.3.x = 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579...

4.3CVSS5.9AI score0.00043EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:8 p.m.•3 views

CVE-2026-2578

OSV•added 2026/03/23 6:14 p.m.•1 views

GO-2026-4734 Mattermost fails to preserve the redacted state of burn-on-read posts during deletion in github.com/mattermost/mattermost-server

Mattermost fails to preserve the redacted state of burn-on-read posts during deletion in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

EUVD•added 2026/03/16 3:30 p.m.•4 views

Exploits0References4

EUVD-2026-12415

Github Security Blog•added 2026/03/16 3:30 p.m.•8 views

Mattermost fails to preserve the redacted state of burn-on-read posts during deletion