Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1255 vulnerabilities by Mattermost

    CVE-2026-9824 (GCVE-0-2026-9824)

    Vulnerability from nvd – Published: 2026-07-13 10:47 – Updated: 2026-07-13 13:10
    VLAI
    Title
    Remote cluster metadata enumeration via /share-channel autocomplete
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash command autocomplete.. Mattermost Advisory ID: MMSA-2026-00676
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    adamsec-dev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9824",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:10:30.276593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:10:35.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "adamsec-dev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash command autocomplete.. Mattermost Advisory ID: MMSA-2026-00676"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T10:47:33.070Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00676",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00676",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68827"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Remote cluster metadata enumeration via /share-channel autocomplete",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9824",
        "datePublished": "2026-07-13T10:47:33.070Z",
        "dateReserved": "2026-05-28T11:32:33.594Z",
        "dateUpdated": "2026-07-13T13:10:35.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9820 (GCVE-0-2026-9820)

    Vulnerability from nvd – Published: 2026-07-13 10:51 – Updated: 2026-07-13 13:09
    VLAI
    Title
    Mattermost schemes teams endpoint exposes private team invite IDs
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 10.11.x <= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API endpoint.. Mattermost Advisory ID: MMSA-2026-00671
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    0x7oda7123
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9820",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:09:24.482863Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:09:31.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0x7oda7123"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 10.11.x \u003c= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API endpoint.. Mattermost Advisory ID: MMSA-2026-00671"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T10:51:34.023Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00671",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00671",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68824"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost schemes teams endpoint exposes private team invite IDs",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9820",
        "datePublished": "2026-07-13T10:51:34.023Z",
        "dateReserved": "2026-05-28T11:26:12.173Z",
        "dateUpdated": "2026-07-13T13:09:31.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6541 (GCVE-0-2026-6541)

    Vulnerability from nvd – Published: 2026-07-13 10:53 – Updated: 2026-07-13 13:09
    VLAI
    Title
    Unscoped updates to other playbooks' metric configuration
    Summary
    Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user’s playbook metric settings via a crafted import or update request with a foreign metric ID. Mattermost Advisory ID: MMSA-2026-00653
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.1 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.2
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    hfreak_s
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:09:03.398556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:09:10.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.1",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hfreak_s"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.1, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user\u2019s playbook metric settings via a crafted import or update request with a foreign metric ID. Mattermost Advisory ID: MMSA-2026-00653"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T10:53:15.958Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00653",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.2, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00653",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68371"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Unscoped updates to other playbooks\u0027 metric configuration",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6541",
        "datePublished": "2026-07-13T10:53:15.958Z",
        "dateReserved": "2026-04-17T17:54:44.831Z",
        "dateUpdated": "2026-07-13T13:09:10.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9708 (GCVE-0-2026-9708)

    Vulnerability from nvd – Published: 2026-07-13 08:00 – Updated: 2026-07-13 14:45
    VLAI
    Title
    Incoming webhook user attribution via unvalidated webhook owner
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via crafted incoming webhook configuration and payloads.. Mattermost Advisory ID: MMSA-2026-00683
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    arang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9708",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T14:44:57.510921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T14:45:16.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "arang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via crafted incoming webhook configuration and payloads.. Mattermost Advisory ID: MMSA-2026-00683"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:00:10.707Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00683",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00683",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-69009"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Incoming webhook user attribution via unvalidated webhook owner",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9708",
        "datePublished": "2026-07-13T08:00:10.707Z",
        "dateReserved": "2026-05-27T13:46:27.399Z",
        "dateUpdated": "2026-07-13T14:45:16.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9597 (GCVE-0-2026-9597)

    Vulnerability from nvd – Published: 2026-07-13 08:17 – Updated: 2026-07-13 13:55
    VLAI
    Title
    Deactivated guest accounts can authenticate via magic-link token in Mattermost REST API login endpoint
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - – Authentication Bypass by Primary Weakness
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Create a notification for this product.
    Credits
    alimursaliyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:55:09.692643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:55:15.448Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "alimursaliyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 \u2013 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:17:36.717Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00681",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00681",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Deactivated guest accounts can authenticate via magic-link token in Mattermost REST API login endpoint",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9597",
        "datePublished": "2026-07-13T08:17:36.717Z",
        "dateReserved": "2026-05-26T15:15:14.343Z",
        "dateUpdated": "2026-07-13T13:55:15.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9571 (GCVE-0-2026-9571)

    Vulnerability from nvd – Published: 2026-07-13 07:50 – Updated: 2026-07-13 07:50
    VLAI
    Title
    Deactivated user accounts can continue to obtain valid OAuth access tokens via refresh token grant in Mattermost
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token grant endpoint.. Mattermost Advisory ID: MMSA-2026-00680
    CWE
    • CWE-305 - – Authentication Bypass by Primary Weakness
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    kirs112
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kirs112"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token grant endpoint.. Mattermost Advisory ID: MMSA-2026-00680"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 \u2013 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T07:50:55.793Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00680",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00680",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68982"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Deactivated user accounts can continue to obtain valid OAuth access tokens via refresh token grant in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9571",
        "datePublished": "2026-07-13T07:50:55.793Z",
        "dateReserved": "2026-05-26T11:52:27.228Z",
        "dateUpdated": "2026-07-13T07:50:55.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6850 (GCVE-0-2026-6850)

    Vulnerability from nvd – Published: 2026-07-13 08:13 – Updated: 2026-07-13 13:56
    VLAI
    Title
    Crafted message attachment causes client-side denial of service via markdown parser regex backtracking in Mattermost
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    idr
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6850",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:56:09.905130Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:56:16.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "idr"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:13:02.883Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00658",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00658",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68424"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Crafted message attachment causes client-side denial of service via markdown parser regex backtracking in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6850",
        "datePublished": "2026-07-13T08:13:02.883Z",
        "dateReserved": "2026-04-22T10:05:15.625Z",
        "dateUpdated": "2026-07-13T13:56:16.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10106 (GCVE-0-2026-10106)

    Vulnerability from nvd – Published: 2026-07-13 08:09 – Updated: 2026-07-13 13:56
    VLAI
    Title
    Unauthorized users can trigger interactive post actions in private channels via action cookie channel mismatch in Mattermost
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    minghseinyuc86595
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:56:34.893294Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:56:41.047Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "minghseinyuc86595"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:09:58.717Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00690",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00690",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-69059"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Unauthorized users can trigger interactive post actions in private channels via action cookie channel mismatch in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-10106",
        "datePublished": "2026-07-13T08:09:58.717Z",
        "dateReserved": "2026-05-29T16:06:43.719Z",
        "dateUpdated": "2026-07-13T13:56:41.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10103 (GCVE-0-2026-10103)

    Vulnerability from nvd – Published: 2026-07-13 07:57 – Updated: 2026-07-13 07:57
    VLAI
    Title
    Authenticated remote cluster can modify or delete posts it does not own in Mattermost Connected Workspaces shared channels
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing arbitrary post IDs in channels shared with that remote.. Mattermost Advisory ID: MMSA-2026-00689
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    ratrarity
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ratrarity"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing arbitrary post IDs in channels shared with that remote.. Mattermost Advisory ID: MMSA-2026-00689"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T07:57:11.062Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00689",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00689",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-69056"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated remote cluster can modify or delete posts it does not own in Mattermost Connected Workspaces shared channels",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-10103",
        "datePublished": "2026-07-13T07:57:11.062Z",
        "dateReserved": "2026-05-29T15:37:04.097Z",
        "dateUpdated": "2026-07-13T07:57:11.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10085 (GCVE-0-2026-10085)

    Vulnerability from nvd – Published: 2026-07-13 08:05 – Updated: 2026-07-13 13:57
    VLAI
    Title
    Ordinary group/direct message member can enable group_constrained and remove all channel participants
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    se1en
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:56:53.842683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:57:00.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "se1en"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:05:42.370Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00688",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00688",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-69050"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Ordinary group/direct message member can enable group_constrained and remove all channel participants",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-10085",
        "datePublished": "2026-07-13T08:05:42.370Z",
        "dateReserved": "2026-05-29T11:54:45.722Z",
        "dateUpdated": "2026-07-13T13:57:00.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9699 (GCVE-0-2026-9699)

    Vulnerability from nvd – Published: 2026-06-26 14:43 – Updated: 2026-06-26 15:40
    VLAI
    Title
    Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors
    Summary
    Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log Files
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 0 , ≤ 10.18.11 (semver)
    Affected: 0 , ≤ 11.3.6 (semver)
    Affected: 0 , ≤ 11.6.5 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Create a notification for this product.
    Credits
    Edgar Bellot Micó
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:40:45.502984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:40:52.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.18.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.3.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Edgar Bellot Mic\u00f3"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost Plugins versions \u003c=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log Files",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:43:51.702Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00609",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost Plugins to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00609",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67547"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9699",
        "datePublished": "2026-06-26T14:43:51.702Z",
        "dateReserved": "2026-05-27T12:08:53.502Z",
        "dateUpdated": "2026-06-26T15:40:52.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4339 (GCVE-0-2026-4339)

    Vulnerability from nvd – Published: 2026-06-26 14:44 – Updated: 2026-06-26 15:40
    VLAI
    Title
    SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server
    Summary
    Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 10.11.0 , ≤ 10.11.18 (semver)
    Affected: 11.6.0 , ≤ 11.6.3 (semver)
    Affected: 11.5.0 , ≤ 11.5.6 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Create a notification for this product.
    Credits
    s00me00ne
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4339",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:40:26.600436Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:40:33.300Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.11.18",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.3",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.6",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "s00me00ne"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 10.11.x \u003c= 10.11.18, 11.6.x \u003c= 11.6.3, 11.5.x \u003c= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:44:58.655Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00635",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00635",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67950"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-4339",
        "datePublished": "2026-06-26T14:44:58.655Z",
        "dateReserved": "2026-03-17T14:57:10.575Z",
        "dateUpdated": "2026-06-26T15:40:33.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3472 (GCVE-0-2026-3472)

    Vulnerability from nvd – Published: 2026-06-26 14:42 – Updated: 2026-06-26 15:41
    VLAI
    Title
    Markdown image rendering bypass in AI bot tool result posts in Mattermost
    Summary
    Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client.. Mattermost Advisory ID: MMSA-2026-00619
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 10.11.0 , ≤ 10.11.18 (semver)
    Affected: 11.6.0 , ≤ 11.6.3 (semver)
    Affected: 11.5.0 , ≤ 11.5.6 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Create a notification for this product.
    Credits
    Juho Forsén
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:41:02.864491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:41:09.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.11.18",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.3",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.6",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juho Fors\u00e9n"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 10.11.x \u003c= 10.11.18, 11.6.x \u003c= 11.6.3, 11.5.x \u003c= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim\u0027s client.. Mattermost Advisory ID: MMSA-2026-00619"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:42:24.154Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00619",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00619",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67751"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "Markdown image rendering bypass in AI bot tool result posts in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-3472",
        "datePublished": "2026-06-26T14:42:24.154Z",
        "dateReserved": "2026-03-03T11:25:53.785Z",
        "dateUpdated": "2026-06-26T15:41:09.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13426 (GCVE-0-2026-13426)

    Vulnerability from nvd – Published: 2026-06-26 13:47 – Updated: 2026-06-26 14:39
    VLAI
    Title
    Client4 fails to validate path parameters
    Summary
    The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost Advisory ID: MMSA-2025-00532
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost github.com/mattermost/mattermost/server/public Affected: v0.0.0 , < v0.1.22 (semver)
    Unaffected: v0.1.22
    Create a notification for this product.
    Credits
    Juho Forsén
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13426",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T14:38:53.805003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T14:39:00.126Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "github.com/mattermost/mattermost/server/public",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThan": "v0.1.22",
                  "status": "affected",
                  "version": "v0.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "v0.1.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juho Fors\u00e9n"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Mattermost Go module github.com/mattermost/mattermost/server/public versions \u003c v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost Advisory ID: MMSA-2025-00532"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T13:47:10.090Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2025-00532",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update the github.com/mattermost/mattermost/server/public module to v0.1.22 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2025-00532",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-65969"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "Client4 fails to validate path parameters"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-13426",
        "datePublished": "2026-06-26T13:47:10.090Z",
        "dateReserved": "2026-06-26T13:32:10.276Z",
        "dateUpdated": "2026-06-26T14:39:00.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2299 (GCVE-0-2026-2299)

    Vulnerability from nvd – Published: 2026-06-25 18:55 – Updated: 2026-06-26 14:05
    VLAI
    Title
    Improper Access Control in Mattermost Google Drive Plugin File Creation Endpoint
    Summary
    The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Google Drive Plugin Affected: 0 , ≤ 1.0.0 (semver)
    Unaffected: 1.1.0
    Create a notification for this product.
    Credits
    Lorenzo Gallegos
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T14:04:57.007408Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T14:05:09.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost Google Drive Plugin",
              "repo": "https://github.com/mattermost/mattermost-plugin-google-drive",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "1.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lorenzo Gallegos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership."
                }
              ],
              "value": "The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T18:55:11.905Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "url": "https://github.com/mattermost/mattermost-plugin-google-drive/releases/tag/v1.1.0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUpdate Mattermost Google Drive plugin to version 1.1.0 or higher.\u003c/p\u003e"
                }
              ],
              "value": "Update Mattermost Google Drive plugin to version 1.1.0 or higher."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Mattermost Google Drive Plugin File Creation Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-2299",
        "datePublished": "2026-06-25T18:55:11.905Z",
        "dateReserved": "2026-02-10T16:46:56.322Z",
        "dateUpdated": "2026-06-26T14:05:09.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6541 (GCVE-0-2026-6541)

    Vulnerability from cvelistv5 – Published: 2026-07-13 10:53 – Updated: 2026-07-13 13:09
    VLAI
    Title
    Unscoped updates to other playbooks' metric configuration
    Summary
    Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user’s playbook metric settings via a crafted import or update request with a foreign metric ID. Mattermost Advisory ID: MMSA-2026-00653
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.1 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.2
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    hfreak_s
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:09:03.398556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:09:10.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.1",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hfreak_s"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.1, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user\u2019s playbook metric settings via a crafted import or update request with a foreign metric ID. Mattermost Advisory ID: MMSA-2026-00653"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T10:53:15.958Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00653",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.2, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00653",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68371"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Unscoped updates to other playbooks\u0027 metric configuration",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6541",
        "datePublished": "2026-07-13T10:53:15.958Z",
        "dateReserved": "2026-04-17T17:54:44.831Z",
        "dateUpdated": "2026-07-13T13:09:10.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9820 (GCVE-0-2026-9820)

    Vulnerability from cvelistv5 – Published: 2026-07-13 10:51 – Updated: 2026-07-13 13:09
    VLAI
    Title
    Mattermost schemes teams endpoint exposes private team invite IDs
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 10.11.x <= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API endpoint.. Mattermost Advisory ID: MMSA-2026-00671
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    0x7oda7123
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9820",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:09:24.482863Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:09:31.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0x7oda7123"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 10.11.x \u003c= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API endpoint.. Mattermost Advisory ID: MMSA-2026-00671"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T10:51:34.023Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00671",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00671",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68824"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost schemes teams endpoint exposes private team invite IDs",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9820",
        "datePublished": "2026-07-13T10:51:34.023Z",
        "dateReserved": "2026-05-28T11:26:12.173Z",
        "dateUpdated": "2026-07-13T13:09:31.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9824 (GCVE-0-2026-9824)

    Vulnerability from cvelistv5 – Published: 2026-07-13 10:47 – Updated: 2026-07-13 13:10
    VLAI
    Title
    Remote cluster metadata enumeration via /share-channel autocomplete
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash command autocomplete.. Mattermost Advisory ID: MMSA-2026-00676
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    adamsec-dev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9824",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:10:30.276593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:10:35.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "adamsec-dev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash command autocomplete.. Mattermost Advisory ID: MMSA-2026-00676"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T10:47:33.070Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00676",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00676",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68827"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Remote cluster metadata enumeration via /share-channel autocomplete",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9824",
        "datePublished": "2026-07-13T10:47:33.070Z",
        "dateReserved": "2026-05-28T11:32:33.594Z",
        "dateUpdated": "2026-07-13T13:10:35.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9597 (GCVE-0-2026-9597)

    Vulnerability from cvelistv5 – Published: 2026-07-13 08:17 – Updated: 2026-07-13 13:55
    VLAI
    Title
    Deactivated guest accounts can authenticate via magic-link token in Mattermost REST API login endpoint
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - – Authentication Bypass by Primary Weakness
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Create a notification for this product.
    Credits
    alimursaliyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:55:09.692643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:55:15.448Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "alimursaliyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 \u2013 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:17:36.717Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00681",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00681",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Deactivated guest accounts can authenticate via magic-link token in Mattermost REST API login endpoint",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9597",
        "datePublished": "2026-07-13T08:17:36.717Z",
        "dateReserved": "2026-05-26T15:15:14.343Z",
        "dateUpdated": "2026-07-13T13:55:15.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6850 (GCVE-0-2026-6850)

    Vulnerability from cvelistv5 – Published: 2026-07-13 08:13 – Updated: 2026-07-13 13:56
    VLAI
    Title
    Crafted message attachment causes client-side denial of service via markdown parser regex backtracking in Mattermost
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1333 - Inefficient Regular Expression Complexity
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    idr
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6850",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:56:09.905130Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:56:16.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "idr"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1333",
                  "description": "CWE-1333: Inefficient Regular Expression Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:13:02.883Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00658",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00658",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68424"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Crafted message attachment causes client-side denial of service via markdown parser regex backtracking in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6850",
        "datePublished": "2026-07-13T08:13:02.883Z",
        "dateReserved": "2026-04-22T10:05:15.625Z",
        "dateUpdated": "2026-07-13T13:56:16.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10106 (GCVE-0-2026-10106)

    Vulnerability from cvelistv5 – Published: 2026-07-13 08:09 – Updated: 2026-07-13 13:56
    VLAI
    Title
    Unauthorized users can trigger interactive post actions in private channels via action cookie channel mismatch in Mattermost
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    minghseinyuc86595
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:56:34.893294Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:56:41.047Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "minghseinyuc86595"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:09:58.717Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00690",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00690",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-69059"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Unauthorized users can trigger interactive post actions in private channels via action cookie channel mismatch in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-10106",
        "datePublished": "2026-07-13T08:09:58.717Z",
        "dateReserved": "2026-05-29T16:06:43.719Z",
        "dateUpdated": "2026-07-13T13:56:41.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10085 (GCVE-0-2026-10085)

    Vulnerability from cvelistv5 – Published: 2026-07-13 08:05 – Updated: 2026-07-13 13:57
    VLAI
    Title
    Ordinary group/direct message member can enable group_constrained and remove all channel participants
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    se1en
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T13:56:53.842683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T13:57:00.893Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "se1en"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:05:42.370Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00688",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00688",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-69050"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Ordinary group/direct message member can enable group_constrained and remove all channel participants",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-10085",
        "datePublished": "2026-07-13T08:05:42.370Z",
        "dateReserved": "2026-05-29T11:54:45.722Z",
        "dateUpdated": "2026-07-13T13:57:00.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9708 (GCVE-0-2026-9708)

    Vulnerability from cvelistv5 – Published: 2026-07-13 08:00 – Updated: 2026-07-13 14:45
    VLAI
    Title
    Incoming webhook user attribution via unvalidated webhook owner
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via crafted incoming webhook configuration and payloads.. Mattermost Advisory ID: MMSA-2026-00683
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    arang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9708",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T14:44:57.510921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T14:45:16.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "arang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via crafted incoming webhook configuration and payloads.. Mattermost Advisory ID: MMSA-2026-00683"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T08:00:10.707Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00683",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00683",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-69009"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Incoming webhook user attribution via unvalidated webhook owner",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9708",
        "datePublished": "2026-07-13T08:00:10.707Z",
        "dateReserved": "2026-05-27T13:46:27.399Z",
        "dateUpdated": "2026-07-13T14:45:16.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10103 (GCVE-0-2026-10103)

    Vulnerability from cvelistv5 – Published: 2026-07-13 07:57 – Updated: 2026-07-13 07:57
    VLAI
    Title
    Authenticated remote cluster can modify or delete posts it does not own in Mattermost Connected Workspaces shared channels
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing arbitrary post IDs in channels shared with that remote.. Mattermost Advisory ID: MMSA-2026-00689
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    ratrarity
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ratrarity"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing arbitrary post IDs in channels shared with that remote.. Mattermost Advisory ID: MMSA-2026-00689"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T07:57:11.062Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00689",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00689",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-69056"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated remote cluster can modify or delete posts it does not own in Mattermost Connected Workspaces shared channels",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-10103",
        "datePublished": "2026-07-13T07:57:11.062Z",
        "dateReserved": "2026-05-29T15:37:04.097Z",
        "dateUpdated": "2026-07-13T07:57:11.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9571 (GCVE-0-2026-9571)

    Vulnerability from cvelistv5 – Published: 2026-07-13 07:50 – Updated: 2026-07-13 07:50
    VLAI
    Title
    Deactivated user accounts can continue to obtain valid OAuth access tokens via refresh token grant in Mattermost
    Summary
    Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token grant endpoint.. Mattermost Advisory ID: MMSA-2026-00680
    CWE
    • CWE-305 - – Authentication Bypass by Primary Weakness
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
    Affected: 11.6.0 , ≤ 11.6.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.19 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.3
    Unaffected: 11.6.5
    Unaffected: 10.11.20
    Create a notification for this product.
    Credits
    kirs112
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.2",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.4",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.19",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "kirs112"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token grant endpoint.. Mattermost Advisory ID: MMSA-2026-00680"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 \u2013 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T07:50:55.793Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00680",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00680",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68982"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Deactivated user accounts can continue to obtain valid OAuth access tokens via refresh token grant in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9571",
        "datePublished": "2026-07-13T07:50:55.793Z",
        "dateReserved": "2026-05-26T11:52:27.228Z",
        "dateUpdated": "2026-07-13T07:50:55.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4339 (GCVE-0-2026-4339)

    Vulnerability from cvelistv5 – Published: 2026-06-26 14:44 – Updated: 2026-06-26 15:40
    VLAI
    Title
    SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server
    Summary
    Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 10.11.0 , ≤ 10.11.18 (semver)
    Affected: 11.6.0 , ≤ 11.6.3 (semver)
    Affected: 11.5.0 , ≤ 11.5.6 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Create a notification for this product.
    Credits
    s00me00ne
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4339",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:40:26.600436Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:40:33.300Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.11.18",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.3",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.6",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "s00me00ne"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 10.11.x \u003c= 10.11.18, 11.6.x \u003c= 11.6.3, 11.5.x \u003c= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:44:58.655Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00635",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00635",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67950"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-4339",
        "datePublished": "2026-06-26T14:44:58.655Z",
        "dateReserved": "2026-03-17T14:57:10.575Z",
        "dateUpdated": "2026-06-26T15:40:33.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9699 (GCVE-0-2026-9699)

    Vulnerability from cvelistv5 – Published: 2026-06-26 14:43 – Updated: 2026-06-26 15:40
    VLAI
    Title
    Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors
    Summary
    Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log Files
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 0 , ≤ 10.18.11 (semver)
    Affected: 0 , ≤ 11.3.6 (semver)
    Affected: 0 , ≤ 11.6.5 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Create a notification for this product.
    Credits
    Edgar Bellot Micó
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:40:45.502984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:40:52.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.18.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.3.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Edgar Bellot Mic\u00f3"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost Plugins versions \u003c=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log Files",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:43:51.702Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00609",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost Plugins to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00609",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67547"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9699",
        "datePublished": "2026-06-26T14:43:51.702Z",
        "dateReserved": "2026-05-27T12:08:53.502Z",
        "dateUpdated": "2026-06-26T15:40:52.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3472 (GCVE-0-2026-3472)

    Vulnerability from cvelistv5 – Published: 2026-06-26 14:42 – Updated: 2026-06-26 15:41
    VLAI
    Title
    Markdown image rendering bypass in AI bot tool result posts in Mattermost
    Summary
    Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client.. Mattermost Advisory ID: MMSA-2026-00619
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 10.11.0 , ≤ 10.11.18 (semver)
    Affected: 11.6.0 , ≤ 11.6.3 (semver)
    Affected: 11.5.0 , ≤ 11.5.6 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Create a notification for this product.
    Credits
    Juho Forsén
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:41:02.864491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:41:09.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.11.18",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.3",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.6",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juho Fors\u00e9n"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 10.11.x \u003c= 10.11.18, 11.6.x \u003c= 11.6.3, 11.5.x \u003c= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim\u0027s client.. Mattermost Advisory ID: MMSA-2026-00619"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:42:24.154Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00619",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00619",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67751"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "Markdown image rendering bypass in AI bot tool result posts in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-3472",
        "datePublished": "2026-06-26T14:42:24.154Z",
        "dateReserved": "2026-03-03T11:25:53.785Z",
        "dateUpdated": "2026-06-26T15:41:09.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13426 (GCVE-0-2026-13426)

    Vulnerability from cvelistv5 – Published: 2026-06-26 13:47 – Updated: 2026-06-26 14:39
    VLAI
    Title
    Client4 fails to validate path parameters
    Summary
    The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost Advisory ID: MMSA-2025-00532
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost github.com/mattermost/mattermost/server/public Affected: v0.0.0 , < v0.1.22 (semver)
    Unaffected: v0.1.22
    Create a notification for this product.
    Credits
    Juho Forsén
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13426",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T14:38:53.805003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T14:39:00.126Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "github.com/mattermost/mattermost/server/public",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThan": "v0.1.22",
                  "status": "affected",
                  "version": "v0.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "v0.1.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juho Fors\u00e9n"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Mattermost Go module github.com/mattermost/mattermost/server/public versions \u003c v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost Advisory ID: MMSA-2025-00532"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T13:47:10.090Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2025-00532",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update the github.com/mattermost/mattermost/server/public module to v0.1.22 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2025-00532",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-65969"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "Client4 fails to validate path parameters"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-13426",
        "datePublished": "2026-06-26T13:47:10.090Z",
        "dateReserved": "2026-06-26T13:32:10.276Z",
        "dateUpdated": "2026-06-26T14:39:00.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CERTFR-2026-AVI-0813

    Vulnerability from certfr_avis - Published: 2026-06-29 - Updated: 2026-06-29

    De multiples vulnérabilités ont été découvertes dans Mattermost Server. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Mattermost Mattermost Server Mattermost Server versions 11.7.x antérieures à 11.7.5
    Mattermost Mattermost Server Mattermost Server versions 11.8.x antérieures à 11.8.2
    Mattermost Mattermost Server Mattermost Server versions 11.6.x antérieures à 11.6.6
    Mattermost Mattermost Server Mattermost Server versions 10.11.x antérieures à 10.11.21
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Mattermost Server versions 11.7.x ant\u00e9rieures \u00e0 11.7.5",
          "product": {
            "name": "Mattermost Server",
            "vendor": {
              "name": "Mattermost",
              "scada": false
            }
          }
        },
        {
          "description": "Mattermost Server versions 11.8.x ant\u00e9rieures \u00e0 11.8.2",
          "product": {
            "name": "Mattermost Server",
            "vendor": {
              "name": "Mattermost",
              "scada": false
            }
          }
        },
        {
          "description": "Mattermost Server versions 11.6.x ant\u00e9rieures \u00e0 11.6.6",
          "product": {
            "name": "Mattermost Server",
            "vendor": {
              "name": "Mattermost",
              "scada": false
            }
          }
        },
        {
          "description": "Mattermost Server versions 10.11.x ant\u00e9rieures \u00e0 10.11.21",
          "product": {
            "name": "Mattermost Server",
            "vendor": {
              "name": "Mattermost",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [],
      "initial_release_date": "2026-06-29T00:00:00",
      "last_revision_date": "2026-06-29T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0813",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-29T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mattermost Server. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mattermost Server",
      "vendor_advisories": [
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00694",
          "url": "https://mattermost.com/security-updates/"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00681",
          "url": "https://mattermost.com/security-updates/"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00695",
          "url": "https://mattermost.com/security-updates/"
        },
        {
          "published_at": "2026-06-26",
          "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00666",
          "url": "https://mattermost.com/security-updates/"
        }
      ]
    }