Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/03/16 12:0 p.m.2 views

CVE-2026-2462 Admin RCE via Malicious Plugin Upload on CI Test Instances

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS6.4AI score0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 12:0 p.m.27 views

CVE-2026-2462 Admin RCE via Malicious Plugin Upload on CI Test Instances

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 12:0 p.m.8 views

CVE-2026-2462 Admin RCE via Malicious Plugin Upload on CI Test Instances

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS7.3AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.17 views

PT-2026-25700

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS6.4AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder