Mattermost

54 CVEs
| CVE ID | Severity | Product / summary | Published |
|---|---|---|---|
| CVE-2026-13426 | MEDIUM 5.4 | Github.Com/Mattermost/Mattermost/Server/Public — The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate pa… | 2026-06-26 |
| CVE-2026-3472 | LOW 3.5 | Mattermost — Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown im… | 2026-06-26 |
| CVE-2026-4339 | MEDIUM 6.5 | Mattermost — Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs a… | 2026-06-26 |
| CVE-2026-9699 | MEDIUM 6.8 | Mattermost — Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI A… | 2026-06-26 |
| CVE-2026-2299 | MEDIUM 4.2 | Mattermost Google Drive Plugin — The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creat… | 2026-06-25 |
| CVE-2026-5139 | MEDIUM 5.4 | Mattermost — Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to enforce … | 2026-06-22 |
| CVE-2026-6062 | MEDIUM 6.4 | Mattermost — Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 Fail to validate… | 2026-06-22 |
| CVE-2026-6673 | MEDIUM 6.4 | Mattermost — Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to authenti… | 2026-06-22 |
| CVE-2026-8074 | LOW 3.8 | Mattermost — Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission checks on th… | 2026-06-22 |
| CVE-2026-8823 | LOW 3.8 | Mattermost — Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to … | 2026-06-22 |
| CVE-2026-9162 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to invalida… | 2026-06-22 |
| CVE-2026-6517 | MEDIUM 6.3 | Mattermost — Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM creden… | 2026-06-15 |
| CVE-2026-8683 | MEDIUM 6.5 | Mattermost — Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in t… | 2026-06-15 |
| CVE-2026-3433 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restr… | 2026-06-12 |
| CVE-2026-6046 | MEDIUM 5.3 | Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to valid… | 2026-06-12 |
| CVE-2026-6689 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Fail to enfor… | 2026-06-12 |
| CVE-2026-6739 | MEDIUM 6.7 | Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to requi… | 2026-06-12 |
| CVE-2026-6961 | HIGH 7.6 | Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fa… | 2026-06-12 |
| CVE-2026-7184 | MEDIUM 6.5 | Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluste… | 2026-06-12 |
| CVE-2026-7387 | HIGH 8.8 | Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fa… | 2026-06-12 |
| CVE-2026-6957 | HIGH 8 | Mattermost — Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them… | 2026-05-27 |
| CVE-2026-4915 | MEDIUM 6.5 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter n… | 2026-05-25 |
| CVE-2026-28735 | MEDIUM 5.4 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate… | 2026-05-22 |
| CVE-2026-3473 | MEDIUM 5.9 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate… | 2026-05-22 |
| CVE-2026-3636 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize… | 2026-05-22 |
| CVE-2026-4635 | MEDIUM 6.5 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive … | 2026-05-22 |
| CVE-2026-4646 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate… | 2026-05-22 |
| CVE-2026-5308 | MEDIUM 4.9 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce … | 2026-05-22 |
| CVE-2026-5740 | HIGH 7.5 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly… | 2026-05-22 |
| CVE-2026-5755 | MEDIUM 6.5 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.1… | 2026-05-22 |
| CVE-2026-22880 | MEDIUM 6.1 | Mattermost — Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate t… | 2026-05-21 |
| CVE-2026-4055 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team… | 2026-05-21 |
| CVE-2026-4858 | HIGH 8 | Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check in… | 2026-05-21 |
| CVE-2026-28732 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trig… | 2026-05-18 |
| CVE-2026-28759 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote clu… | 2026-05-18 |
| CVE-2026-2325 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the requ… | 2026-05-18 |
| CVE-2026-3117 | MEDIUM 6.5 | Mattermost — Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when proces… | 2026-05-18 |
| CVE-2026-3471 | MEDIUM 6.5 | Mattermost — Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up w… | 2026-05-18 |
| CVE-2026-3495 | LOW 3.8 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain mal… | 2026-05-18 |
| CVE-2026-3637 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post chan… | 2026-05-18 |
| CVE-2026-4273 | LOW 3.7 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs fro… | 2026-05-18 |
| CVE-2026-4286 | LOW 3.1 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when … | 2026-05-18 |
| CVE-2026-4643 | LOW 3.5 | Mattermost — Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an u… | 2026-05-18 |
| CVE-2026-5163 | MEDIUM 6.5 | Mattermost — Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rew… | 2026-05-18 |
| CVE-2026-6333 | LOW 3.5 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing r… | 2026-05-18 |
| CVE-2026-6334 | LOW 3.1 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the O… | 2026-05-18 |
| CVE-2026-6339 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the bur… | 2026-05-18 |
| CVE-2026-6340 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive stru… | 2026-05-18 |
| CVE-2026-6341 | MEDIUM 4.3 | Mattermost — Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the … | 2026-05-18 |
| CVE-2026-6342 | MEDIUM 4.3 | Mattermost — Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces w… | 2026-05-18 |
| CVE-2026-6343 | MEDIUM 4.3 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permi… | 2026-05-18 |
| CVE-2026-6345 | MEDIUM 6.5 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created… | 2026-05-18 |
| CVE-2026-6346 | HIGH 8.7 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configu… | 2026-05-18 |
| CVE-2026-6347 | HIGH 7.6 | Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configu… | 2026-05-18 |