destiny-creates

1 exploit Active since Mar 2026
CVE-2026-2461 NOMISEC MEDIUM WORKING POC
Missing authorization check allows unauthorized modification of other users' comments on a board
Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559
CVSS 4.3