Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation Upgrade...

EUVD-2026-22873

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

PT-2026-33036

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.12 Description Improper validation of user ownership within the Connected Workspaces feature allows a malicious remote server to change the displayed status of local users via the Connected Workspaces...

Malicious code in workspaces_api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f6a19cbcf5e87f030986907a617618f131ae53ae924cff5278b008371bb49c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...