CVE-2026-4055

Mattermost CVE-2026-4055 affects Mattermost versions 11.5.x

CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

CVE-2026-26304

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

EUVD-2026-12512

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

CVE-2026-26304

Mattermost vulnerability CVE-2026-26304 affects Mattermost server versions 11.3.x (up to 11.3.0) and 11.2.x (up to 11.2.2). The issue is a permission check bypass in the playbook run creation path: run_create permission for an empty playbookId is not verified, enabling team members to create unau...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, as well as 11.2.2 and earlier versions 11.2.x series, have security vulnerabilities. These vulnerabilities stem from the unauthorized...

PT-2026-25810

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify run create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...