Tag

Mattermost

4 briefs RSS

Mattermost File Access Vulnerability (CVE-2026-3473)

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, allowing an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs.

Mattermost Server cve vulnerability mattermost authorization bypass

1r 1t 1c 3w ago

medium advisory

Multiple Vulnerabilities in Mattermost Products

2 rules

Multiple unspecified vulnerabilities in Mattermost Desktop App and Mattermost Server allow an attacker to cause an unspecified security issue.

Mattermost Desktop App +4 mattermost vulnerability unspecified

2r May 19, 2026

high advisory

Mattermost Legal Hold Plugin Authentication Bypass Vulnerability

2 rules 2 TTPs 1 CVE

Mattermost Legal Hold plugin versions 1.1.4 and earlier allow authenticated attackers to bypass authorization checks, enabling unauthorized access and modification of legal hold data via crafted API requests.

mattermost authentication-bypass legal-hold

2r 2t 1c Apr 6, 2026

high advisory

Mattermost mmctl Terminal Injection Vulnerability (CVE-2026-3108)

2 rules 1 TTP

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 are vulnerable to terminal injection, allowing attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences.

cve-2026-3108 mattermost terminal-injection

2r 1t Mar 26, 2026