Mattermost Server 10.11.x < 10.11.17 / 11.5.x < 11.5.5 / 11.6.x < 11.6.2 Improper Authorization (MMSA-2026-00629)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00629 advisory. - Mattermost Server fails to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the API response process. An attacker can access sensitive information about team member roles by invoking various team API endpoints without having elevated permissions. Remediation Upgrade...

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition in the process responsible for handling persistent notifications due to a failure to archive the channel before removing existing notifications. An attacker can cause the server to crash by timing the creation of a...

CVE-2026-5740

Mattermost CVE-2026-5740 is an unauthenticated denial-of-service issue affecting Mattermost Server versions 11.6.x up to 11.6.0, 11.5.x up to 11.5.3, 11.4.x up to 11.4.4, and 10.11.x up to 10.11.14. The root cause is improper validation of msgpack-encoded WebSocket frames before memory allocation...

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

Mattermost Server 10.11.x <= 10.11.13 / 11.5.x <= 11.5.1 Multiple Vulnerabilities (MMSA-2026-00570 / MMSA-2026-00575 / MMSA-2026-00582 / MMSA-2026-00622)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost fails to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an...

Mattermost Server 11.5.x < 11.5.2 Missing Authorization (MMSA-2026-00645)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00645 advisory. - Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker t...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash command trigger to match an already-registered trigger, potentially hijacking command...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the support packet generation process. An attacker can access sensitive credentials in plaintext by downloading a support packet from the System Console. This is only exploitable if t...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the burn-on-read reveal endpoint due to missing validation of the X-Requested-With header. An attacker can force the unauthorized reveal of a burn-on-read message without recipient consent by sending a crafte...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the post update and patch API endpoints. An attacker can modify existing posts despite lacking posting privileges by sending crafted API requests. Remediation Upgrade...

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to enforce multi-factor authentication on WebSocket connections, which allows an unauthenticated attacker to access sensitive information through WebSocket events...

Mattermost Server 10.11.x < 10.11.13 Improper Validation (MMSA-2026-00603)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00603 advisory. - Mattermost versions 10.11.x prior to 10.11.13 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicio...

Mattermost Server 10.11.x <= 10.11.13 / 11.3.x < 11.3.3 / 11.4.x < 11.4.3 / 11.5.x < 11.5.1 / 11.6.0 Multiple Vulnerabilities (MMSA-2026-00624 / MMSA-2026-00625)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker wit...

Improper Validation Of OAuth State Tokens

github.com/mattermost/mattermost-server is vulnerable to improper validation of OAuth state tokens. The vulnerability is due to insufficient validation during the OpenID Connect OAuth flow, which allows an attacker to manipulate authentication data and take over a user account under specific...

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to failure to validate user channel membership when attaching posts to Jira issues, which allows an authenticated attacker with Jira plugin access to read post content and attachments from...

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to failure in validating the relationship between the post being updated and the MSTeams plugin OAuth flow, which allows an attacker to exploit this via a crafted OAuth redirect URL to edit...

Sensitive Information Exposure

github.com/mattermost/mattermost-server is vulnerable to sensitive information exposure. The vulnerability is due to improper sanitization of user data, which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to failure in enforcing the "Allow users to view archived channels" setting, which allows an attacker to access archived channel content and files via the "Open in Channel" functionality fro...