Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / mattermost

mattermost

575 tracked vulnerabilities.

CVE-2026-27659 MEDIUM

Mattermost <= 11.4.0 - Access Control Policy Activation CSRF

CVE-2026-27656 MEDIUM

Account Takeover via Substring Matching in OpenID Connect Authentication

CVE-2026-26233 MEDIUM

Denial of Service via HTTP/2 single packet attack on login endpoint

CVE-2026-20719 MEDIUM

DoS via URL Previews Rendering Malicious SVGs

CVE-2026-2454 MEDIUM

DoS in Calls plugin via malformed msgpack in websocket request.

CVE-2026-26230 LOW

Team Admin Privilege Escalation to Demote Members to Guest

CVE-2026-1629 MEDIUM

Permalink Preview Information Disclosure After Permission Revocation

CVE-2026-26304 MEDIUM

Permission Bypass in Playbook Run Creation

CVE-2026-2455 MEDIUM

SSRF bypass via IPv4-mapped IPv6 literals

CVE-2026-24692 MEDIUM

Guest users can bypass read permissions via search API

CVE-2026-22545 LOW

Password Change Bypass via Auth Switch Endpoint

CVE-2026-21386 MEDIUM

Private channel enumeration via /mute slash command

CVE-2026-4265 MEDIUM

Guest user can upload files without permission across teams

CVE-2026-2578 MEDIUM

Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts

CVE-2026-2476 HIGH

MS Teams plugin sensitive config values not properly masked in support packets

CVE-2026-2463 MEDIUM

Unauthorized access to invite ID during team creation

CVE-2026-2462 MEDIUM

Admin RCE via Malicious Plugin Upload on CI Test Instances

CVE-2026-2461 MEDIUM

Missing authorization check allows unauthorized modification of other users' comments on a board

CVE-2026-2458 MEDIUM

Unauthorized channel enumeration in private teams after member removal

CVE-2026-2457 MEDIUM

WebSocket Message Spoofing via Permalink Embed Manipulation

CVE-2026-2456 MEDIUM

Denial of Service via Unbounded Memory Allocation in Integration Actions

CVE-2026-26246 MEDIUM

Memory Exhaustion via Malformed PSD File Upload

CVE-2026-25783 MEDIUM

Denial of service via malformed User-Agent header in getBrowserVersion

CVE-2026-25780 MEDIUM

Memory Exhaustion via Malformed DOC File Upload

CVE-2026-24458 HIGH

DoS attack via login attempts with multi-megabyte passwords

Previous Page 3 of 23 Next

Products

mattermost_server 412 mattermost 233 mattermost-server 186 Mattermost 74 mattermost_desktop 23 mattermost_mobile 20 confluence 14 mattermost-plugin-confluence 14 mattermost-plugin-msteams 4 mattermost-plugin-playbooks 4 mattermost-plugin-jira 3 Focalboard 2 focalboard 2 mattermost-plugin-boards 2 mattermost-plugin-calls 2 mattermost-plugin-zoom 2 mattermost_boards 2 ms_teams 2 playbooks 2 zoom 2 channel_export 1 mattermost-plugin-channel-export 1 mattermost-plugin-github 1 mattermost_channel_export 1 mattermost_packages 1 mattermost_plugins 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy