CVE-2026-2578 Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts

Mattermost versions 11.3.x = 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579...

CVE-2026-2578 Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts

Mattermost versions 11.3.x = 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579...

CVE-2026-2578

Mattermost (version 11.3.x, affected range up to 11.3.0) has a vulnerability where the redacted state of burn-on-read posts is not preserved during deletion. This allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. CVSS v3.1 base score ...

EUVD-2019-11384

Malware in sbrugna...

EUVD-2023-33787

Malicious code in bioql PyPI...

CVE-2020-14457

An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...

BIT-MATTERMOST-2020-14457

An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...

BIT-MATTERMOST-2023-2281

When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team...

Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability exists because the library fails to sanitize the related WebSocket event sent to currently connected clients, which allows an attacker to see the name, display name, description, and other data when...

CVE-2023-2281

When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team...

Sql injection

When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team...

CVE-2019-20847

An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a usertyping WebSocket event to any channel...

CVE-2019-20847

An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a usertyping WebSocket event to any channel...

Design/Logic Flaw

An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...

Code injection

An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a usertyping WebSocket event to any channel...

CVE-2019-20847

Mattermost Server prior to version 5.18.0 is affected. A vulnerability allows an attacker to send a user_typing WebSocket event to any channel, indicating improper handling of WebSocket events. The issue is documented across multiple feeds (e.g., Red Hat advisory, CNVD) and is mitigated by updati...

CVE-2020-14457

An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...

PT-2020-14017 · Mattermost · Mattermost Server

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 5.20.0 Description: An issue was discovered in Mattermost Server where non-members can receive broadcasted team details via the update team WebSocket event. Recommendations: For versions prior to 5.20.0,...