CVE-2025-6226
Mattermost Server contains an IDOR-like flaw (CVE-2025-6226) where authentication is not verified when retrieving cached posts by PendingPostID. Affected versions include 9.11.x <= 9.11.16, 10.5.x <= 10.5.6, 10.7.x <= 10.7.3, and 10.8.x