
10 matches found

Snyk
added 2026/03/26 6:35 p.m. · 5 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the mmctl component. An attacker can execute arbitrary terminal escape sequences by sending specially crafted messages, potentially leading to manipulation of administrator terminals, including screen...

8.8 CVSS · 6 AI score · 0.0002 EPSS
Exploits 0 · References 2
Snyk
added 2026/03/26 6:35 p.m. · 1 views

Incorrect Permission Assignment for Critical Resource

Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the mmctl export download process. An attacker can gain unauthorized access to sensitive data by reading the bulk export file created with overly permissive file permissions...

5.5 CVSS · 5.9 AI score · 0.00005 EPSS
Exploits 0 · References 2
EUVD
added 2026/03/26 6:31 p.m. · 0 views

EUVD-2026-16234

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

8 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 2
CVE
added 2026/03/26 4:18 p.m. · 4 views

CVE-2026-3113

CVE-2026-3113 affects Mattermost (versions listed) where bulk exports fail to enforce file permissions during download, enabling other local server users to read exported contents. Root cause: permissions are not properly set on the downloaded bulk export, allowing access beyond the intended owne...

5.5 CVSS · 5.8 AI score · 0.00005 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2026/03/26 4:16 p.m. · 3 views

CVE-2026-3108

Mattermost: CVE-2026-3108 affects versions 11.2.x up to 11.2.2, 10.11.x up to 10.11.10, 11.4.x up to 11.4.0, and 11.3.x up to 11.3.1. The vulnerability arises from failure to sanitize user-controlled post content in mmctl commands terminal output, allowing crafted messages with ANSI/OSC escape se...

8.8 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2026/03/26 4:16 p.m. · 0 views

CVE-2026-3108 Terminal Escape Injection in mmctl Report Posts Command

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

8 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 1
Cvelist
added 2026/03/26 4:16 p.m. · 17 views

CVE-2026-3108 Terminal Escape Injection in mmctl Report Posts Command

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

8 CVSS · 0.0002 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/03/26 4:16 p.m. · 1 views

CVE-2026-3108

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

8 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2026/03/26 12:0 a.m. · 0 views

PT-2026-28419

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.10; Mattermost versions 11.2.x through 11.2.2; Mattermost versions 11.3.x through 11.3.1; Mattermost versions 11.4.x through 11.4.0. Description: The software does not properly sanitize user-controlled post...

8 CVSS · 5.9 AI score · 0.0002 EPSS
Exploits 0 · References 3
Positive Technologies
added 2020/06/19 12:0 a.m. · 1 views

PT-2020-14012 · Mattermost · Mattermost Server

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 5.21.0 Description: An issue was discovered that allows directory traversal via HTTP. This issue affects Mattermost Server and is related to the mmctl component. Recommendations: For versions prior to 5.21....

5.3 CVSS · 5.2 AI score · 0.00144 EPSS
Exploits 0 · References 6