Mattermost
54 CVEsCVE IDSeverityProduct / summaryPublished
CVE-2026-13426
MEDIUM 5.4
Github.Com/Mattermost/Mattermost/Server/Public — The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate pa…
2026-06-26
CVE-2026-3472
LOW 3.5
Mattermost — Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown im…
2026-06-26
CVE-2026-4339
MEDIUM 6.5
Mattermost — Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs a…
2026-06-26
CVE-2026-9699
MEDIUM 6.8
Mattermost — Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI A…
2026-06-26
CVE-2026-2299
MEDIUM 4.2
Mattermost Google Drive Plugin — The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creat…
2026-06-25
CVE-2026-5139
MEDIUM 5.4
Mattermost — Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to enforce …
2026-06-22
CVE-2026-6062
MEDIUM 6.4
Mattermost — Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 Fail to validate…
2026-06-22
CVE-2026-6673
MEDIUM 6.4
Mattermost — Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to authenti…
2026-06-22
CVE-2026-8074
LOW 3.8
Mattermost — Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission checks on th…
2026-06-22
CVE-2026-8823
LOW 3.8
Mattermost — Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to …
2026-06-22
CVE-2026-9162
MEDIUM 4.3
Mattermost — Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to invalida…
2026-06-22
CVE-2026-6517
MEDIUM 6.3
Mattermost — Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM creden…
2026-06-15
CVE-2026-8683
MEDIUM 6.5
Mattermost — Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in t…
2026-06-15
CVE-2026-3433
MEDIUM 4.3
Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restr…
2026-06-12
CVE-2026-6046
MEDIUM 5.3
Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to valid…
2026-06-12
CVE-2026-6689
MEDIUM 4.3
Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Fail to enfor…
2026-06-12
CVE-2026-6739
MEDIUM 6.7
Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to requi…
2026-06-12
CVE-2026-6961
HIGH 7.6
Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fa…
2026-06-12
CVE-2026-7184
MEDIUM 6.5
Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluste…
2026-06-12
CVE-2026-7387
HIGH 8.8
Mattermost — Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fa…
2026-06-12
CVE-2026-6957
HIGH 8
Mattermost — Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them…
2026-05-27
CVE-2026-4915
MEDIUM 6.5
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter n…
2026-05-25
CVE-2026-28735
MEDIUM 5.4
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate…
2026-05-22
CVE-2026-3473
MEDIUM 5.9
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate…
2026-05-22
CVE-2026-3636
MEDIUM 4.3
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize…
2026-05-22
CVE-2026-4635
MEDIUM 6.5
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive …
2026-05-22
CVE-2026-4646
MEDIUM 4.3
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate…
2026-05-22
CVE-2026-5308
MEDIUM 4.9
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce …
2026-05-22
CVE-2026-5740
HIGH 7.5
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly…
2026-05-22
CVE-2026-5755
MEDIUM 6.5
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.1…
2026-05-22
CVE-2026-22880
MEDIUM 6.1
Mattermost — Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate t…
2026-05-21
CVE-2026-4055
MEDIUM 4.3
Mattermost — Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team…
2026-05-21
CVE-2026-4858
HIGH 8
Mattermost — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check in…
2026-05-21
CVE-2026-28732
MEDIUM 4.3
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trig…
2026-05-18
CVE-2026-28759
MEDIUM 4.3
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote clu…
2026-05-18
CVE-2026-2325
MEDIUM 4.3
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the requ…
2026-05-18
CVE-2026-3117
MEDIUM 6.5
Mattermost — Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when proces…
2026-05-18
CVE-2026-3471
MEDIUM 6.5
Mattermost — Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up w…
2026-05-18
CVE-2026-3495
LOW 3.8
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain mal…
2026-05-18
CVE-2026-3637
MEDIUM 4.3
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post chan…
2026-05-18
CVE-2026-4273
LOW 3.7
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs fro…
2026-05-18
CVE-2026-4286
LOW 3.1
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when …
2026-05-18
CVE-2026-4643
LOW 3.5
Mattermost — Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an u…
2026-05-18
CVE-2026-5163
MEDIUM 6.5
Mattermost — Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rew…
2026-05-18
CVE-2026-6333
LOW 3.5
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing r…
2026-05-18
CVE-2026-6334
LOW 3.1
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the O…
2026-05-18
CVE-2026-6339
MEDIUM 4.3
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the bur…
2026-05-18
CVE-2026-6340
MEDIUM 4.3
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive stru…
2026-05-18
CVE-2026-6341
MEDIUM 4.3
Mattermost — Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the …
2026-05-18
CVE-2026-6342
MEDIUM 4.3
Mattermost — Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces w…
2026-05-18
CVE-2026-6343
MEDIUM 4.3
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permi…
2026-05-18
CVE-2026-6345
MEDIUM 6.5
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created…
2026-05-18
CVE-2026-6346
HIGH 8.7
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configu…
2026-05-18
CVE-2026-6347
HIGH 7.6
Mattermost — Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configu…
2026-05-18