CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

SUSE CVE•added 2026/03/28 12:28 a.m.•2 views

SUSE CVE-2026-26304

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

4.3CVSS5.9AI score0.00042EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:6 p.m.•1 views

CVE-2026-26304

4.3CVSS5.8AI score0.00042EPSS

Exploits0References1

Snyk•added 2026/03/16 10:48 p.m.•3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the playbook run API when the runcreate permission is not verified for an empty playbookId. An attacker can initiate unauthorized playbook runs by sending crafted API requests. Remediation Upgrade...

5.3CVSS5.8AI score0.00042EPSS

Exploits0References2

OSV•added 2026/03/16 9:34 p.m.•2 views

GHSA-4PMX-622H-X359 Mattermost fails to verify run_create permission for empty playbookId

4.3CVSS5.8AI score0.00042EPSS

Exploits0References4

EUVD•added 2026/03/16 9:34 p.m.•2 views

EUVD-2026-12512

4.3CVSS5.8AI score0.00042EPSS

Exploits0References2

CVE•added 2026/03/16 7:53 p.m.•6 views

CVE-2026-26304

Mattermost vulnerability CVE-2026-26304 affects Mattermost server versions 11.3.x (up to 11.3.0) and 11.2.x (up to 11.2.2). The issue is a permission check bypass in the playbook run creation path: run_create permission for an empty playbookId is not verified, enabling team members to create unau...

4.3CVSS5.8AI score0.00042EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by