Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-28759

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2026/05/18 8:16 a.m.16 views

CVE-2026-28759

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...

4.3CVSS0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:50 a.m.10 views

CVE-2026-28759

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41640

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An issue exists during shared channel membership sync where the system fails to validate if a remote...

4.3CVSS5.9AI score0.00152EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/07 2:59 a.m.56 views

CVE-2026-41662 Admidio: Missing Minimum Administrator Check in Role Membership Removal

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

5.2CVSS0.00285EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 2:59 a.m.10 views

CVE-2026-41662 Admidio: Missing Minimum Administrator Check in Role Membership Removal

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

5.2CVSS5.8AI score0.00285EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/29 9:53 p.m.10 views

Admidio Missing Minimum Administrator Check in Role Membership Removal

Summary Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other...

5.2CVSS5.4AI score0.00285EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder