Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/16 8:19 p.m.22 views

CVE-2026-26230 Team Admin Privilege Escalation to Demote Members to Guest

Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...

3.8CVSS0.00159EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.12 views

Mattermost fails to validate user's authentication method when processing account auth type switch

Mattermost versions 10.11.x = 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID:...

3.5CVSS5.8AI score0.00148EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2026/03/16 2:18 p.m.4 views

CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS0.00285EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 10.11.10 and earlier, including 10.11.x, have security vulnerabilities. These vulnerabilities stem from the failure to invalidate cached preview data of fixed links whe...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References2
Rows per page
Query Builder