Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / mattermost

mattermost

575 tracked vulnerabilities.

CVE-2026-28735 MEDIUM

Mattermost - GitHub OAuth Scope Validation

CVE-2026-4635 MEDIUM

Persistent notification timing attack causing server denial of service

CVE-2026-3473 MEDIUM

Improper file ownership validation in the Boards API allows unauthorised file access

CVE-2026-4646 MEDIUM

Insufficient input validation in GitHub plugin API causes denial of service

CVE-2026-3636 MEDIUM

Mattermost - Sanitize Team Member Data Returned by API

CVE-2026-5740 HIGH

Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

CVE-2026-5308 MEDIUM

Missing request body size limits on Zoom plugin HTTP endpoints

CVE-2026-5755 MEDIUM

Mattermost - Denial of Service via Crafted TIFF File Upload

CVE-2026-4858 HIGH

Path traversal in integration action URL leading to arbitrary API execution via system admin’s auth token.

CVE-2026-22880 MEDIUM

Mobile SSO authentication flow allows credential theft via malicious server

CVE-2026-4055 MEDIUM

Insufficient permission validation on cross-team playbook run creation

CVE-2026-6347 HIGH

Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets

CVE-2026-6346 HIGH

Sensitive credentials exposed in plaintext in Mattermost support packets

CVE-2026-6345 MEDIUM

Prevent password disclosure and force reset during Slack import

CVE-2026-6343 MEDIUM

Mattermost Playbooks Plugin - Public Playbook Unauthorized Access

CVE-2026-6339 MEDIUM

Missing request origin validation on burn-on-read reveal endpoint

CVE-2026-6333 LOW

SSRF via Host Header Spoofing in Custom Slash Commands

CVE-2026-5163 MEDIUM

Missing authorization check in AI message rewrite endpoint allows access to private thread content

CVE-2026-4643 LOW

Calling window.close() from server-side content causes crash in the Mattermost Desktop App

CVE-2026-4286 LOW

Mattermost Playbooks Plugin - Unauthorized Team Transfer

CVE-2026-3471 MEDIUM

Opening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop App

CVE-2026-3117 MEDIUM

Instance and webhook GitLab plugin commands were able to be run by non-admin users

CVE-2026-28732 MEDIUM

Mattermost 10.11.0-10.11.13 11.4.0-11.4.3 11.5.0-11.5.1 - Slash Command Hijacking via Trigger-Word Bypass

CVE-2026-6342 MEDIUM

Mattermost Plugins - Incorrect Authorization via Namespace Prefix Bypass

CVE-2026-6341 MEDIUM

Mattermost Plugins - Incorrect Authorization via Direct API Requests

Page 1 of 23 Next

Products

mattermost_server 412 mattermost 233 mattermost-server 186 Mattermost 74 mattermost_desktop 23 mattermost_mobile 20 confluence 14 mattermost-plugin-confluence 14 mattermost-plugin-msteams 4 mattermost-plugin-playbooks 4 mattermost-plugin-jira 3 Focalboard 2 focalboard 2 mattermost-plugin-boards 2 mattermost-plugin-calls 2 mattermost-plugin-zoom 2 mattermost_boards 2 ms_teams 2 playbooks 2 zoom 2 channel_export 1 mattermost-plugin-channel-export 1 mattermost-plugin-github 1 mattermost_channel_export 1 mattermost_packages 1 mattermost_plugins 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy