4 matches found
CVE-2026-2454
Mattermost vulnerability CVE-2026-2454 affects Mattermost server versions 11.3.x (≤11.3.0), 11.2.x (≤11.2.2), and 10.11.x (≤10.11.10). The issue arises from incorrect handling of array lengths in error reports, enabling a malicious user to trigger OOMs and crash the server by sending corrupted ms...
CVE-2026-26304 Permission Bypass in Playbook Run Creation
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...
CVE-2026-2462 Admin RCE via Malicious Plugin Upload on CI Test Instances
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...
PT-2026-25686
Mattermost fails to bound memory allocation when processing PSD image files in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...