
    884 vulnerabilities found for mattermost_server by mattermost

    CVE-2026-4339 (GCVE-0-2026-4339)

    Vulnerability from nvd – Published: 2026-06-26 14:44 – Updated: 2026-06-26 15:40
    Title
    SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server
    Summary
    Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server, which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services by supplying internal URLs as file attachments in post creation requests. Mattermost Advisory ID: MMSA-2026-00635
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 10.11.0 , ≤ 10.11.18 (semver)
    Affected: 11.6.0 , ≤ 11.6.3 (semver)
    Affected: 11.5.0 , ≤ 11.5.6 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Credits
    s00me00ne

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4339",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:40:26.600436Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:40:33.300Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.11.18",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.3",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.6",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "s00me00ne"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 10.11.x \u003c= 10.11.18, 11.6.x \u003c= 11.6.3, 11.5.x \u003c= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:44:58.655Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00635",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00635",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67950"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-4339",
        "datePublished": "2026-06-26T14:44:58.655Z",
        "dateReserved": "2026-03-17T14:57:10.575Z",
        "dateUpdated": "2026-06-26T15:40:33.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3472 (GCVE-0-2026-3472)

    Vulnerability from nvd – Published: 2026-06-26 14:42 – Updated: 2026-06-26 15:41
    Title
    Markdown image rendering bypass in AI bot tool result posts in Mattermost
    Summary
    Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server by injecting markdown image syntax into tool result content rendered by a victim's client. Mattermost Advisory ID: MMSA-2026-00619
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 10.11.0 , ≤ 10.11.18 (semver)
    Affected: 11.6.0 , ≤ 11.6.3 (semver)
    Affected: 11.5.0 , ≤ 11.5.6 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Credits
    Juho Forsén

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:41:02.864491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:41:09.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.11.18",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.3",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.6",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juho Fors\u00e9n"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 10.11.x \u003c= 10.11.18, 11.6.x \u003c= 11.6.3, 11.5.x \u003c= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim\u0027s client.. Mattermost Advisory ID: MMSA-2026-00619"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:42:24.154Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00619",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00619",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67751"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "Markdown image rendering bypass in AI bot tool result posts in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-3472",
        "datePublished": "2026-06-26T14:42:24.154Z",
        "dateReserved": "2026-03-03T11:25:53.785Z",
        "dateUpdated": "2026-06-26T15:41:09.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8823 (GCVE-0-2026-8823)

    Vulnerability from nvd – Published: 2026-06-22 13:41 – Updated: 2026-06-22 16:12
    Title
    User Manager can demote bot accounts to guest without bot-management permission
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests, which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API. Mattermost Advisory ID: MMSA-2026-00669
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 10.11.18
    Credits
    Edgar Bellot Micó

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:12:21.701325Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:12:31.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Edgar Bellot Mic\u00f3"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 10.11.x \u003c= 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:41:28.404Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00669",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00669",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68700"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "User Manager can demote bot accounts to guest without bot-management permission",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-8823",
        "datePublished": "2026-06-22T13:41:28.404Z",
        "dateReserved": "2026-05-18T10:05:31.691Z",
        "dateUpdated": "2026-06-22T16:12:31.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9162 (GCVE-0-2026-9162)

    Vulnerability from nvd – Published: 2026-06-22 13:36 – Updated: 2026-06-22 15:40
    Title
    Global session revocation does not invalidate active WebSocket connections
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continue receiving real-time events until the cached session expires or the client reconnects. Mattermost Advisory ID: MMSA-2026-00664
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 11.6.0 , ≤ 11.6.2 (semver)
    Affected: 11.5.0 , ≤ 11.5.5 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 11.6.3
    Unaffected: 11.5.6
    Unaffected: 10.11.18
    Credits
    winfunc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:39:54.095237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:40:07.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.2",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.6"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "winfunc"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 11.6.x \u003c= 11.6.2, 11.5.x \u003c= 11.5.5, 10.11.x \u003c= 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continue receiving real-time events until the cached session expires or the client reconnects.. Mattermost Advisory ID: MMSA-2026-00664"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:36:43.998Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00664",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 11.6.3, 11.5.6, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00664",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68542"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Global session revocation does not invalidate active WebSocket connections",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9162",
        "datePublished": "2026-06-22T13:36:43.998Z",
        "dateReserved": "2026-05-21T11:17:28.560Z",
        "dateUpdated": "2026-06-22T15:40:07.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8074 (GCVE-0-2026-8074)

    Vulnerability from nvd – Published: 2026-06-22 13:37 – Updated: 2026-06-22 15:40
    Title
    Improper Permission Check Allows User Manager to Deactivate Bot Accounts
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/{id}/active API endpoint. Mattermost Advisory ID: MMSA-2026-00667
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 10.11.18
    Credits
    hackit_bharat

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8074",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:40:23.411921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:40:37.392Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hackit_bharat"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 10.11.x \u003c= 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/{id}/active API endpoint.. Mattermost Advisory ID: MMSA-2026-00667"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:37:44.617Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00667",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00667",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68685"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Improper Permission Check Allows User Manager to Deactivate Bot Accounts",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-8074",
        "datePublished": "2026-06-22T13:37:44.617Z",
        "dateReserved": "2026-05-07T10:55:28.977Z",
        "dateUpdated": "2026-06-22T15:40:37.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6673 (GCVE-0-2026-6673)

    Vulnerability from nvd – Published: 2026-06-22 13:38 – Updated: 2026-06-22 15:41
    Title
    Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the pending-install window. Mattermost Advisory ID: MMSA-2026-00654
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 11.6.0 , ≤ 11.6.2 (semver)
    Affected: 11.5.0 , ≤ 11.5.5 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 11.6.3
    Unaffected: 11.5.6
    Unaffected: 10.11.18
    Credits
    insomnia1102

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:40:53.578692Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:41:08.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.2",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.6"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "insomnia1102"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 11.6.x \u003c= 11.6.2, 11.5.x \u003c= 11.5.5, 10.11.x \u003c= 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the pending-install window.. Mattermost Advisory ID: MMSA-2026-00654"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:38:56.594Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00654",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 11.6.3, 11.5.6, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00654",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68376"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6673",
        "datePublished": "2026-06-22T13:38:56.594Z",
        "dateReserved": "2026-04-20T13:45:33.430Z",
        "dateUpdated": "2026-06-22T15:41:08.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6062 (GCVE-0-2026-6062)

    Vulnerability from nvd – Published: 2026-06-22 13:40 – Updated: 2026-06-22 15:41
    Title
    IDOR in Jira plugin subscription edit endpoint
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to validate channel ownership of an existing subscription before applying edits, which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT request to the subscription edit endpoint. Mattermost Advisory ID: MMSA-2026-00650
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 11.6.0 , ≤ 11.6.2 (semver)
    Affected: 11.5.0 , ≤ 11.5.5 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 11.6.3
    Unaffected: 11.5.6
    Unaffected: 10.11.18
    Credits
    0hmz

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:41:30.282800Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:41:48.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.2",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.6"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0hmz"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 11.6.x \u003c= 11.6.2, 11.5.x \u003c= 11.5.5, 10.11.x \u003c= 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT request to the subscription edit endpoint.. Mattermost Advisory ID: MMSA-2026-00650"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:40:07.776Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00650",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 11.6.3, 11.5.6, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00650",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68271"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "IDOR in Jira plugin subscription edit endpoint",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6062",
        "datePublished": "2026-06-22T13:40:07.776Z",
        "dateReserved": "2026-04-10T10:57:59.278Z",
        "dateUpdated": "2026-06-22T15:41:48.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5139 (GCVE-0-2026-5139)

    Vulnerability from nvd – Published: 2026-06-22 13:34 – Updated: 2026-06-22 15:39
    Title
    GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to enforce administrator authorization on the {{setDefaultInstance}} call within the {{/gitlab connect}} command handler, which allows any authenticated user to overwrite the global default GitLab instance configuration via the {{/gitlab connect <instance-name>}} slash command. Mattermost Advisory ID: MMSA-2026-00644
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 11.6.0 , ≤ 11.6.2 (semver)
    Affected: 11.5.0 , ≤ 11.5.5 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 11.6.3
    Unaffected: 11.5.6
    Unaffected: 10.11.18
    Credits
    hunterxluxhug

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:39:17.436366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:39:29.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.2",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.6"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hunterxluxhug"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 11.6.x \u003c= 11.6.2, 11.5.x \u003c= 11.5.5, 10.11.x \u003c= 10.11.17 fail to enforce administrator authorization on the {{setDefaultInstance}} call within the {{/gitlab connect}} command handler, which allows any authenticated user to overwrite the global default GitLab instance configuration via the {{/gitlab connect \u003cinstance-name\u003e}} slash command.. Mattermost Advisory ID: MMSA-2026-00644"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:34:21.247Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00644",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 11.6.3, 11.5.6, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00644",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68132"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-5139",
        "datePublished": "2026-06-22T13:34:21.247Z",
        "dateReserved": "2026-03-30T11:29:16.698Z",
        "dateUpdated": "2026-06-22T15:39:29.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7387 (GCVE-0-2026-7387)

    Vulnerability from nvd – Published: 2026-06-12 15:54 – Updated: 2026-06-13 03:56
    Title
    Mattermost group syncable endpoints allow privilege escalation via scheme_admin
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselves and group members to team or channel admin via crafted API requests. Mattermost Advisory ID: MMSA-2026-00665
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    winfunc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:56:08.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "winfunc"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselves and group members to team or channel admin via crafted API requests.. Mattermost Advisory ID: MMSA-2026-00665"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:54:10.103Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00665",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00665",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68546"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost group syncable endpoints allow privilege escalation via scheme_admin",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-7387",
        "datePublished": "2026-06-12T15:54:10.103Z",
        "dateReserved": "2026-04-29T09:18:29.691Z",
        "dateUpdated": "2026-06-13T03:56:08.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7184 (GCVE-0-2026-7184)

    Vulnerability from nvd – Published: 2026-06-12 15:49 – Updated: 2026-06-12 17:19
    Title
    Mattermost Remote Cluster PATCH API Leaks Authentication Tokens
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the manage_secure_connections permission to obtain remote cluster authentication tokens via a PATCH request to the remote cluster endpoint. Mattermost Advisory ID: MMSA-2026-00662. Note: upgrading closes the disclosure path but does not by itself invalidate tokens that may already have been retrieved through it; operators should consider rotating remote cluster (secure connection) credentials if users holding this permission are not fully trusted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.17
    Credits
    winfunc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7184",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T17:19:06.393567Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T17:19:11.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "winfunc"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_secure_connections}} permission to obtain remote cluster authentication tokens via a PATCH request to the remote cluster endpoint.. Mattermost Advisory ID: MMSA-2026-00662"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:49:46.626Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00662",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00662",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68525"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost Remote Cluster PATCH API Leaks Authentication Tokens",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-7184",
        "datePublished": "2026-06-12T15:49:46.626Z",
        "dateReserved": "2026-04-27T10:44:00.842Z",
        "dateUpdated": "2026-06-12T17:19:11.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6961 (GCVE-0-2026-6961)

    Vulnerability from nvd – Published: 2026-06-12 15:56 – Updated: 2026-06-16 13:17
    Title
    CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.16 fail to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations within the target server's filestore via path traversal sequences in the filename field. Mattermost Advisory ID: MMSA-2026-00661. Note: the affected-version data below lists 10.11.16 as both affected and unaffected, and the solution text names both 10.11.16 and 10.11.17 as fixed; 10.11.17 is the only 10.11.x release this record consistently marks unaffected, so treat it as the safe floor for that branch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    Hassan Mohammed

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6961",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-13T03:56:08.575775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T13:17:18.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hassan Mohammed"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations within the target server\u0027s filestore via path traversal sequences in the filename field.. Mattermost Advisory ID: MMSA-2026-00661"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:56:17.364Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00661",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00661",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68488"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6961",
        "datePublished": "2026-06-12T15:56:17.364Z",
        "dateReserved": "2026-04-24T15:22:26.743Z",
        "dateUpdated": "2026-06-16T13:17:18.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6739 (GCVE-0-2026-6739)

    Vulnerability from nvd – Published: 2026-06-12 15:49 – Updated: 2026-06-13 03:56
    Title
    Mattermost: Delegated admins could patch protected default system roles
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-in role permissions via the role patch API. Mattermost Advisory ID: MMSA-2026-00656. Note: the affected-version data below lists 10.11.16 as both affected and unaffected; 10.11.17 is the only 10.11.x release this record consistently marks unaffected. The fix prevents further unauthorized role patches but does not necessarily revert changes already made, so operators may want to review built-in role permissions after upgrading.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    NeganSpl01t

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:56:06.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "NeganSpl01t"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-in role permissions via the role patch API.. Mattermost Advisory ID: MMSA-2026-00656"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:49:14.444Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00656",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00656",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68392"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost: Delegated admins could patch protected default system roles",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6739",
        "datePublished": "2026-06-12T15:49:14.444Z",
        "dateReserved": "2026-04-21T08:47:06.795Z",
        "dateUpdated": "2026-06-13T03:56:06.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6689 (GCVE-0-2026-6689)

    Vulnerability from nvd – Published: 2026-06-12 15:51 – Updated: 2026-06-12 17:18
    Title
    Missing invite_user permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.16 fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation (the check was only applied on update/patch). This allows an authenticated user holding PermissionCreateTeam but not PermissionInviteUser on the resulting team to configure invite-controlled team settings that they are not permitted to set on an existing team — making the team publicly joinable via open invite and/or constraining membership via allowed domains — by sending POST /api/v4/teams with allow_open_invite: true and/or a non-empty allowed_domains in the request body. Mattermost Advisory ID: MMSA-2026-00655. Note: the affected-version data below lists 10.11.16 as both affected and unaffected; 10.11.17 is the only 10.11.x release this record consistently marks unaffected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    0x7oda7123

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T17:18:46.355666Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T17:18:52.426Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0x7oda7123"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation (the check was only applied on update/patch), which allows an authenticated user holding PermissionCreateTeam but not PermissionInviteUser on the resulting team to configure invite-controlled team settings (make the team publicly joinable via open invite and/or constrain membership via allowed domains) that they are not permitted to set on an existing team via POST /api/v4/teams with allow_open_invite: true and/or a non-empty allowed_domains in the request body.. Mattermost Advisory ID: MMSA-2026-00655"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:51:30.871Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00655",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00655",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68381"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "*Missing* {{invite_user}} *permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings*",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6689",
        "datePublished": "2026-06-12T15:51:30.871Z",
        "dateReserved": "2026-04-20T15:19:13.503Z",
        "dateUpdated": "2026-06-12T17:18:52.426Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6046 (GCVE-0-2026-6046)

    Vulnerability from nvd – Published: 2026-06-12 15:52 – Updated: 2026-06-12 17:18
    Title
    Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels by pre-registering a user account with a predictable plugin bot username. Mattermost Advisory ID: MMSA-2026-00649. Note: the affected-version data below lists 10.11.16 as both affected and unaffected; 10.11.17 is the only 10.11.x release this record consistently marks unaffected. Because the attack relies on an ordinary user account already holding a bot's username, operators may want to check for non-bot accounts whose usernames collide with installed plugins' bot names.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    insomnia1102

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T17:18:25.567701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T17:18:30.553Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "insomnia1102"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels by pre-registering a user account with a predictable plugin bot username.. Mattermost Advisory ID: MMSA-2026-00649"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:52:33.505Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00649",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00649",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68256"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6046",
        "datePublished": "2026-06-12T15:52:33.505Z",
        "dateReserved": "2026-04-09T19:20:26.868Z",
        "dateUpdated": "2026-06-12T17:18:30.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3433 (GCVE-0-2026-3433)

    Vulnerability from nvd – Published: 2026-06-12 15:46 – Updated: 2026-06-12 17:19
    Title
    Mattermost fails to scope role_updated websocket events to authorized team and channel members
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the affected team or channel, which allows an authenticated attacker with guest-level access to observe permission scheme change notifications for private teams they are not a member of via the websocket connection. Mattermost Advisory ID: MMSA-2026-00616. Note: as with MMSA-2026-00649, this record lists 10.11.16 as both affected (≤ 10.11.16) and unaffected; for the 10.11 branch, treat 10.11.17 as the lowest version that is unambiguously fixed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    0x7oda7123

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3433",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T17:19:43.952848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T17:19:49.970Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0x7oda7123"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change notifications for private teams they are not a member of via the websocket connection.. Mattermost Advisory ID: MMSA-2026-00616"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:46:54.868Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00616",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00616",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67740"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost fails to scope role_updated websocket events to authorized team and channel members",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-3433",
        "datePublished": "2026-06-12T15:46:54.868Z",
        "dateReserved": "2026-03-02T12:48:20.745Z",
        "dateUpdated": "2026-06-12T17:19:49.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4339 (GCVE-0-2026-4339)

    Vulnerability from cvelistv5 – Published: 2026-06-26 14:44 – Updated: 2026-06-26 15:40
    Title
    SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server
    Summary
    Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server, which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests. Mattermost Advisory ID: MMSA-2026-00635. Note: the CNA scores this AV:L (CVSS 3.1 6.5, scope changed): the prerequisite is the ability to drive the Agents plugin MCP server over stdio on the host, not merely network access to the Mattermost API, and the rated impact is read-only (C:H, I:N, A:N) reach into services on the server's internal network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 10.11.0 , ≤ 10.11.18 (semver)
    Affected: 11.6.0 , ≤ 11.6.3 (semver)
    Affected: 11.5.0 , ≤ 11.5.6 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Credits
    s00me00ne

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4339",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:40:26.600436Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:40:33.300Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.11.18",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.3",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.6",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "s00me00ne"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 10.11.x \u003c= 10.11.18, 11.6.x \u003c= 11.6.3, 11.5.x \u003c= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:44:58.655Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00635",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00635",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67950"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-4339",
        "datePublished": "2026-06-26T14:44:58.655Z",
        "dateReserved": "2026-03-17T14:57:10.575Z",
        "dateUpdated": "2026-06-26T15:40:33.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3472 (GCVE-0-2026-3472)

    Vulnerability from cvelistv5 – Published: 2026-06-26 14:42 – Updated: 2026-06-26 15:41
    Title
    Markdown image rendering bypass in AI bot tool result posts in Mattermost
    Summary
    Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client. Mattermost Advisory ID: MMSA-2026-00619. Note: the CVSS vector carries UI:R — a victim must view the affected tool result post for the attacker-controlled image URL to be loaded by their client.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 10.11.0 , ≤ 10.11.18 (semver)
    Affected: 11.6.0 , ≤ 11.6.3 (semver)
    Affected: 11.5.0 , ≤ 11.5.6 (semver)
    Unaffected: 11.7.0
    Unaffected: 10.11.19
    Unaffected: 11.6.4
    Unaffected: 11.5.7
    Credits
    Juho Forsén

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T15:41:02.864491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T15:41:09.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "10.11.18",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.3",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.6",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.19"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.4"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.7"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juho Fors\u00e9n"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 10.11.x \u003c= 10.11.18, 11.6.x \u003c= 11.6.3, 11.5.x \u003c= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim\u0027s client.. Mattermost Advisory ID: MMSA-2026-00619"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T14:42:24.154Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00619",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 10.11.19, 11.6.4, 11.5.7 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00619",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67751"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Markdown image rendering bypass in AI bot tool result posts in Mattermost",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-3472",
        "datePublished": "2026-06-26T14:42:24.154Z",
        "dateReserved": "2026-03-03T11:25:53.785Z",
        "dateUpdated": "2026-06-26T15:41:09.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8823 (GCVE-0-2026-8823)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:41 – Updated: 2026-06-22 16:12
    Title
    User Manager can demote bot accounts to guest without bot-management permission
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests, which allows a lower-privileged administrator (the User Manager role named in the title; CVSS PR:H) lacking bot-management permission to degrade arbitrary bot accounts via the standard demote-user API. Mattermost Advisory ID: MMSA-2026-00669
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 10.11.18
    Credits
    Edgar Bellot Micó

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:12:21.701325Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:12:31.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Edgar Bellot Mic\u00f3"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 10.11.x \u003c= 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:41:28.404Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00669",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00669",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68700"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "User Manager can demote bot accounts to guest without bot-management permission",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-8823",
        "datePublished": "2026-06-22T13:41:28.404Z",
        "dateReserved": "2026-05-18T10:05:31.691Z",
        "dateUpdated": "2026-06-22T16:12:31.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6062 (GCVE-0-2026-6062)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:40 – Updated: 2026-06-22 15:41
    Title
    IDOR in Jira plugin subscription edit endpoint
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to validate channel ownership of an existing subscription before applying edits, which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT request to the subscription edit endpoint. Mattermost Advisory ID: MMSA-2026-00650
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 11.6.0 , ≤ 11.6.2 (semver)
    Affected: 11.5.0 , ≤ 11.5.5 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 11.6.3
    Unaffected: 11.5.6
    Unaffected: 10.11.18
    Credits
    0hmz

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:41:30.282800Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:41:48.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.2",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.6"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0hmz"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 11.6.x \u003c= 11.6.2, 11.5.x \u003c= 11.5.5, 10.11.x \u003c= 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT request to the subscription edit endpoint.. Mattermost Advisory ID: MMSA-2026-00650"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:40:07.776Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00650",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 11.6.3, 11.5.6, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00650",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68271"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "IDOR in Jira plugin subscription edit endpoint",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6062",
        "datePublished": "2026-06-22T13:40:07.776Z",
        "dateReserved": "2026-04-10T10:57:59.278Z",
        "dateUpdated": "2026-06-22T15:41:48.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6673 (GCVE-0-2026-6673)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:38 – Updated: 2026-06-22 15:41
    Title
    Mattermost Jira plugin had unauthenticated /ac/installed lifecycle callback during pending Jira Cloud install
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the pending-install window. Mattermost Advisory ID: MMSA-2026-00654
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 11.6.0 , ≤ 11.6.2 (semver)
    Affected: 11.5.0 , ≤ 11.5.5 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 11.6.3
    Unaffected: 11.5.6
    Unaffected: 10.11.18
    Credits
    insomnia1102

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:40:53.578692Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:41:08.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.2",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.6"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "insomnia1102"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 11.6.x \u003c= 11.6.2, 11.5.x \u003c= 11.5.5, 10.11.x \u003c= 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the pending-install window.. Mattermost Advisory ID: MMSA-2026-00654"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:38:56.594Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00654",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 11.6.3, 11.5.6, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00654",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68376"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6673",
        "datePublished": "2026-06-22T13:38:56.594Z",
        "dateReserved": "2026-04-20T13:45:33.430Z",
        "dateUpdated": "2026-06-22T15:41:08.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8074 (GCVE-0-2026-8074)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:37 – Updated: 2026-06-22 15:40
    Title
    Improper Permission Check Allows User Manager to Deactivate Bot Accounts
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/{id}/active API endpoint. Mattermost Advisory ID: MMSA-2026-00667
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 10.11.18
    Credits
    hackit_bharat

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8074",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:40:23.411921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:40:37.392Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hackit_bharat"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 10.11.x \u003c= 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/{id}/active API endpoint.. Mattermost Advisory ID: MMSA-2026-00667"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:37:44.617Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00667",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00667",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68685"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Improper Permission Check Allows User Manager to Deactivate Bot Accounts",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-8074",
        "datePublished": "2026-06-22T13:37:44.617Z",
        "dateReserved": "2026-05-07T10:55:28.977Z",
        "dateUpdated": "2026-06-22T15:40:37.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9162 (GCVE-0-2026-9162)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:36 – Updated: 2026-06-22 15:40
    Title
    Global session revocation does not invalidate active WebSocket connections
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continue receiving real-time events until the cached session expires or the client reconnects. Mattermost Advisory ID: MMSA-2026-00664
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 11.6.0 , ≤ 11.6.2 (semver)
    Affected: 11.5.0 , ≤ 11.5.5 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 11.6.3
    Unaffected: 11.5.6
    Unaffected: 10.11.18
    Credits
    winfunc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:39:54.095237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:40:07.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.2",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.6"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "winfunc"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 11.6.x \u003c= 11.6.2, 11.5.x \u003c= 11.5.5, 10.11.x \u003c= 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continue receiving real-time events until the cached session expires or the client reconnects.. Mattermost Advisory ID: MMSA-2026-00664"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:36:43.998Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00664",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 11.6.3, 11.5.6, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00664",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68542"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Global session revocation does not invalidate active WebSocket connections",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-9162",
        "datePublished": "2026-06-22T13:36:43.998Z",
        "dateReserved": "2026-05-21T11:17:28.560Z",
        "dateUpdated": "2026-06-22T15:40:07.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5139 (GCVE-0-2026-5139)

    Vulnerability from cvelistv5 – Published: 2026-06-22 13:34 – Updated: 2026-06-22 15:39
    Title
    GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration
    Summary
    Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to enforce administrator authorization on the setDefaultInstance call within the /gitlab connect command handler, which allows any authenticated user to overwrite the global default GitLab instance configuration via the /gitlab connect <instance-name> slash command. Mattermost Advisory ID: MMSA-2026-00644
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.0 (semver)
    Affected: 11.6.0 , ≤ 11.6.2 (semver)
    Affected: 11.5.0 , ≤ 11.5.5 (semver)
    Affected: 10.11.0 , ≤ 10.11.17 (semver)
    Unaffected: 11.8.0
    Unaffected: 11.7.1
    Unaffected: 11.6.3
    Unaffected: 11.5.6
    Unaffected: 10.11.18
    Credits
    hunterxluxhug

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:39:17.436366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:39:29.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.7.0",
                  "status": "affected",
                  "version": "11.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.6.2",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.17",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.8.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.1"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.3"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.6"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hunterxluxhug"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.7.x \u003c= 11.7.0, 11.6.x \u003c= 11.6.2, 11.5.x \u003c= 11.5.5, 10.11.x \u003c= 10.11.17 fail to enforce administrator authorization on the {{setDefaultInstance}} call within the {{/gitlab connect}} command handler, which allows any authenticated user to overwrite the global default GitLab instance configuration via the {{/gitlab connect \u003cinstance-name\u003e}} slash command.. Mattermost Advisory ID: MMSA-2026-00644"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T13:34:21.247Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00644",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.8.0, 11.7.1, 11.6.3, 11.5.6, 10.11.18 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00644",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68132"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-5139",
        "datePublished": "2026-06-22T13:34:21.247Z",
        "dateReserved": "2026-03-30T11:29:16.698Z",
        "dateUpdated": "2026-06-22T15:39:29.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6961 (GCVE-0-2026-6961)

    Vulnerability from cvelistv5 – Published: 2026-06-12 15:56 – Updated: 2026-06-16 13:17
    Title
    CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations within the target server's filestore via path traversal sequences in the filename field. Mattermost Advisory ID: MMSA-2026-00661
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    Hassan Mohammed

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6961",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-13T03:56:08.575775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T13:17:18.192Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hassan Mohammed"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations within the target server\u0027s filestore via path traversal sequences in the filename field.. Mattermost Advisory ID: MMSA-2026-00661"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:56:17.364Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00661",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00661",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68488"
            ],
            "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
          },
          "title": "CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6961",
        "datePublished": "2026-06-12T15:56:17.364Z",
        "dateReserved": "2026-04-24T15:22:26.743Z",
        "dateUpdated": "2026-06-16T13:17:18.192Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7387 (GCVE-0-2026-7387)

    Vulnerability from cvelistv5 – Published: 2026-06-12 15:54 – Updated: 2026-06-13 03:56
    Title
    Mattermost group syncable endpoints allow privilege escalation via scheme_admin
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselves and group members to team or channel admin via crafted API requests. Mattermost Advisory ID: MMSA-2026-00665
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    winfunc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:56:08.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "winfunc"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselves and group members to team or channel admin via crafted API requests.. Mattermost Advisory ID: MMSA-2026-00665"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:54:10.103Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00665",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00665",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68546"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost group syncable endpoints allow privilege escalation via scheme_admin",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-7387",
        "datePublished": "2026-06-12T15:54:10.103Z",
        "dateReserved": "2026-04-29T09:18:29.691Z",
        "dateUpdated": "2026-06-13T03:56:08.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6046 (GCVE-0-2026-6046)

    Vulnerability from cvelistv5 – Published: 2026-06-12 15:52 – Updated: 2026-06-12 17:18
    Title
    Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels by pre-registering a user account with a predictable plugin bot username. Mattermost Advisory ID: MMSA-2026-00649
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    insomnia1102

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T17:18:25.567701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T17:18:30.553Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "insomnia1102"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels by pre-registering a user account with a predictable plugin bot username.. Mattermost Advisory ID: MMSA-2026-00649"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:52:33.505Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00649",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00649",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68256"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6046",
        "datePublished": "2026-06-12T15:52:33.505Z",
        "dateReserved": "2026-04-09T19:20:26.868Z",
        "dateUpdated": "2026-06-12T17:18:30.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6689 (GCVE-0-2026-6689)

    Vulnerability from cvelistv5 – Published: 2026-06-12 15:51 – Updated: 2026-06-12 17:18
    Title
    Missing invite_user permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation (the check was only applied on update/patch), which allows an authenticated user holding PermissionCreateTeam but not PermissionInviteUser on the resulting team to configure invite-controlled team settings (make the team publicly joinable via open invite and/or constrain membership via allowed domains) that they are not permitted to set on an existing team, via POST /api/v4/teams with allow_open_invite: true and/or a non-empty allowed_domains in the request body. Mattermost Advisory ID: MMSA-2026-00655
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    0x7oda7123

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T17:18:46.355666Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T17:18:52.426Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0x7oda7123"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation (the check was only applied on update/patch), which allows an authenticated user holding PermissionCreateTeam but not PermissionInviteUser on the resulting team to configure invite-controlled team settings (make the team publicly joinable via open invite and/or constrain membership via allowed domains) that they are not permitted to set on an existing team via POST /api/v4/teams with allow_open_invite: true and/or a non-empty allowed_domains in the request body.. Mattermost Advisory ID: MMSA-2026-00655"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:51:30.871Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00655",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00655",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68381"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "*Missing* {{invite_user}} *permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings*",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6689",
        "datePublished": "2026-06-12T15:51:30.871Z",
        "dateReserved": "2026-04-20T15:19:13.503Z",
        "dateUpdated": "2026-06-12T17:18:52.426Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7184 (GCVE-0-2026-7184)

    Vulnerability from cvelistv5 – Published: 2026-06-12 15:49 – Updated: 2026-06-12 17:19
    Title
    Mattermost Remote Cluster PATCH API Leaks Authentication Tokens
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the manage_secure_connections permission to obtain remote cluster authentication tokens via a PATCH request to the remote cluster endpoint. Mattermost Advisory ID: MMSA-2026-00662
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.17
    Credits
    winfunc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7184",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T17:19:06.393567Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T17:19:11.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "winfunc"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_secure_connections}} permission to obtain remote cluster authentication tokens via a PATCH request to the remote cluster endpoint.. Mattermost Advisory ID: MMSA-2026-00662"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:49:46.626Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00662",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00662",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68525"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost Remote Cluster PATCH API Leaks Authentication Tokens",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-7184",
        "datePublished": "2026-06-12T15:49:46.626Z",
        "dateReserved": "2026-04-27T10:44:00.842Z",
        "dateUpdated": "2026-06-12T17:19:11.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6739 (GCVE-0-2026-6739)

    Vulnerability from cvelistv5 – Published: 2026-06-12 15:49 – Updated: 2026-06-13 03:56
    Title
    Mattermost: Delegated admins could patch protected default system roles
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-in role permissions via the role patch API. Note that this record lists 10.11.16 both as affected (≤ 10.11.16) and as unaffected; the vendor's solution text names 10.11.16 and 10.11.17 as fixed releases on that branch. Mattermost Advisory ID: MMSA-2026-00656
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    NeganSpl01t

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-13T03:56:06.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "NeganSpl01t"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-in role permissions via the role patch API.. Mattermost Advisory ID: MMSA-2026-00656"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:49:14.444Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00656",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00656",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-68392"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost: Delegated admins could patch protected default system roles",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-6739",
        "datePublished": "2026-06-12T15:49:14.444Z",
        "dateReserved": "2026-04-21T08:47:06.795Z",
        "dateUpdated": "2026-06-13T03:56:06.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3433 (GCVE-0-2026-3433)

    Vulnerability from cvelistv5 – Published: 2026-06-12 15:46 – Updated: 2026-06-12 17:19
    Title
    Mattermost fails to scope role_updated websocket events to authorized team and channel members
    Summary
    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the affected team or channel, which allows an authenticated attacker with guest-level access to observe permission scheme change notifications for private teams they are not a member of via the websocket connection. Note that this record lists 10.11.16 both as affected (≤ 10.11.16) and as unaffected; the vendor's solution text names 10.11.16 and 10.11.17 as fixed releases on that branch. Mattermost Advisory ID: MMSA-2026-00616
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates vendor-advisory
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Affected: 11.6.0 , ≤ 11.6.1 (semver)
    Affected: 11.5.0 , ≤ 11.5.4 (semver)
    Affected: 10.11.0 , ≤ 10.11.15 (semver)
    Affected: 10.11.0 , ≤ 10.11.16 (semver)
    Unaffected: 11.7.0
    Unaffected: 11.6.2
    Unaffected: 11.5.5
    Unaffected: 10.11.16
    Unaffected: 10.11.17
    Credits
    0x7oda7123

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3433",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T17:19:43.952848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T17:19:49.970Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mattermost",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.1",
                  "status": "affected",
                  "version": "11.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.5.4",
                  "status": "affected",
                  "version": "11.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.15",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.11.16",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "11.7.0"
                },
                {
                  "status": "unaffected",
                  "version": "11.6.2"
                },
                {
                  "status": "unaffected",
                  "version": "11.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.16"
                },
                {
                  "status": "unaffected",
                  "version": "10.11.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0x7oda7123"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15, 10.11.x \u003c= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change notifications for private teams they are not a member of via the websocket connection.. Mattermost Advisory ID: MMSA-2026-00616"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T15:46:54.868Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "name": "MMSA-2026-00616",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mattermost.com/security-updates"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.16, 10.11.17 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2026-00616",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-67740"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Mattermost fails to scope role_updated websocket events to authorized team and channel members",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2026-3433",
        "datePublished": "2026-06-12T15:46:54.868Z",
        "dateReserved": "2026-03-02T12:48:20.745Z",
        "dateUpdated": "2026-06-12T17:19:49.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }