CVE-2026-7387
Mattermost CVE-2026-7387 affects multiple release lines (11.6.x up to 11.6.1, 11.5.x up to 11.5.4, 10.11.x up to 10.11.15/16). The root cause is that group-syncable link and patch endpoints do not require role-management authorization when setting the scheme_admin flag, enabling a user with group...