80 matches found
CVE-2026-6062
CVE-2026-6062 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, and 10.11.x ≤ 10.11.17. The issue is a logic flaw where the system fails to validate channel ownership of an existing subscription before applying edits, enabling an authenticated attacker to hijack subsc...
CVE-2026-9162
Mattermost vulnerability CVE-2026-9162 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17. The issue: global session revocation does not invalidate cached authentication state for active WebSocket connections, allowing a user with an existing WebSock...
CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed
Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...
PT-2026-49238
Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions prior to 6.1 Mattermost Desktop App version 5.5.13.0 Description The application fails to restrict the allow list of domains for NTLM credential forwarding. This allows a user on a server where the image proxy i...
CVE-2026-3433
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to restrict roleupdated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change...
CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
EUVD-2026-36501
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation the check was only applied on update/patch, which allows an authenticated user holding...
PT-2026-48936
Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.6.2 Mattermost versions prior to 11.5.5 Mattermost versions prior to 10.11.17 Description A failure to validate that a username returned during bot registration belongs to a bot account allows an unprivileged...
PT-2026-48937
Name of the Vulnerable Software and Affected Versions Mattermost versions 11.6.0 through 11.6.1 Mattermost versions 11.5.0 through 11.5.4 Mattermost versions 10.11.0 through 10.11.16 Description An issue exists where the system fails to enforce the PermissionInviteUser check when setting...
CVE-2026-3117
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...
CVE-2026-6342
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID:...
CVE-2026-6343
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...
Mattermost Server 10.11.x < 10.11.17 / 11.5.x < 11.5.5 / 11.6.x < 11.6.2 Improper Authorization (MMSA-2026-00629)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00629 advisory. - Mattermost Server fails to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team...
EUVD-2026-31646
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an authenticated user to cause a denial of service server process termination via a crafted webhook...
CVE-2026-3473
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...
CVE-2026-4635 Persistent notification timing attack causing server denial of service
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...
CVE-2026-4635
Mattermost (versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x
PT-2026-42747
Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description An issue exists where the system fails to archive the channel before removing persistent notifications. This allows an...
CVE-2026-4858
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action...
PT-2026-42404
Name of the Vulnerable Software and Affected Versions Mattermost version 11.5.1 Description An issue exists where the system fails to validate the team-level run create permission against the target team during the creation of a playbook run. This allows an authenticated team member to create run...