CVE-2026-2578
Mattermost (version 11.3.x, affected range up to 11.3.0) has a vulnerability where the redacted state of burn-on-read posts is not preserved during deletion. This allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. CVSS v3.1 base score ...