Mattermost Server 10.11.x < 10.11.17 / 11.5.x < 11.5.5 / 11.6.x < 11.6.2 Improper Authorization (MMSA-2026-00629)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00629 advisory. - Mattermost Server fails to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team...

RHSA-2026:19714 Red Hat Security Advisory: rhc-worker-playbook security update

Bulletin has no description...

CVE-2026-4055

Mattermost CVE-2026-4055 affects Mattermost versions 11.5.x

CVE-2026-4055 Insufficient permission validation on cross-team playbook run creation

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

EUVD-2026-31221

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

CVE-2026-4055 Insufficient permission validation on cross-team playbook run creation

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

PT-2026-42404

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level run create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API reques...

Important: Red Hat Security Advisory: rhc-worker-playbook security update

An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHSA-2026:19132 Red Hat Security Advisory: rhc-worker-playbook security update

Bulletin has no description...

Important: Red Hat Security Advisory: rhc-worker-playbook security update

An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 10 : rhc-worker-playbook (RHSA-2026:19132)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19132 advisory. A worker for yggdrasil that receives Ansible playbooks and executes them against the local host. Security Fixes: golang: net/url: Memory...

Incorrect Authorization

Overview github.com/mattermost/mattermost-plugin-playbooks/server/app is a package for reliable and repeatable processes using checklists, automation, and retrospectives Affected versions of this package are vulnerable to Incorrect Authorization via the PUT API endpoint when updating playbooks. A...

Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

GHSA-GVG4-JHMR-6J23 Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

CVE-2026-6343

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

CVE-2026-4286

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

CVE-2026-4286

Mattermost Playbooks plugin vulnerability CVE-2026-4286 affects Mattermost versions 11.5.x &lt;= 11.5.1 and 10.11.x

EUVD-2026-30750

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have security vulnerabilities. These vulnerabilities stem from the lack of checks during...