Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.5 views

CVE-2026-27659

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

4.6CVSS5.8AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.46 views

EUVD-2026-15806

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

4.6CVSS5.8AI score0.00123EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.15 views

CVE-2026-27659

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

4.6CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:33 p.m.22 views

CVE-2026-27659

Mattermost CSRF in UpdateAccessControlPolicyActiveStatus: versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, 11.3.x ≤ 11.3.1 fail to validate CSRF tokens on /api/v4/access_control_policies/{policy_id}/activate, enabling an attacker to trick an admin into changing an access control pol...

4.6CVSS5.8AI score0.00123EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder