mattermost
607 tracked vulnerabilities.
CVE-2026-4643
LOW
Calling window.close() from server-side content causes crash in the Mattermost Desktop App
May 18, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-4286
LOW
Mattermost Playbooks Plugin - Unauthorized Team Transfer
May 18, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-3471
MEDIUM
Opening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop App
May 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-3117
MEDIUM
Instance and webhook GitLab plugin commands were able to be run by non-admin users
May 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28732
MEDIUM
Mattermost 10.11.0-10.11.13 11.4.0-11.4.3 11.5.0-11.5.1 - Slash Command Hijacking via Trigger-Word Bypass
May 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-6342
MEDIUM
Mattermost Plugins - Incorrect Authorization via Namespace Prefix Bypass
May 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-6341
MEDIUM
Mattermost Plugins - Incorrect Authorization via Direct API Requests
May 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-6340
MEDIUM
Mattermost 10.11.0-10.11.13 11.4.0-11.4.3 11.5.0-11.5.1 - Authenticated Denial of Service via 7zip Archive Processing
May 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-6334
LOW
OAuth authorization code client binding not enforced during token redemption in Mattermost
May 18, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-4273
LOW
Insufficient token rotation validation in remote cluster invite confirmation
May 18, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-3637
MEDIUM
Mattermost fails to enforce create_post permission when editing posts
May 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-3495
LOW
Mattermost 10.11.0-10.11.13 and 11.5.0-11.5.1 - Stored Cross-Site Scripting in Error Page Configuration
May 18, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-2325
MEDIUM
Improper Input Validation in MS Teams Meetings API Handler
May 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-28759
MEDIUM
Mattermost Shared Channel Sync - Unauthorized Member Removal
May 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-4054
MEDIUM
SVG content served through Mattermost image proxy despite Content-Type restrictions causes client-side denial of service
May 15, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-4053
LOW
post edit time limit is not enforced on some post update operations
May 15, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-3590
MEDIUM
Race Condition in Guest Magic Link Authentication Allows Token Reuse
Apr 15, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28741
MEDIUM
CSRF Protection Bypass Allows Updating a User's Authentication Method
Apr 15, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-27769
LOW
Connected Workspaces: Malicious remote server can manipulate arbitrary user's status
Apr 15, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-24661
LOW
Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint
Apr 09, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-21388
LOW
Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint
Apr 09, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-3524
HIGH
Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check
Apr 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-28736
MEDIUM
Focalboard IDOR in file content endpoint allows cross-user file access (unsupported product, no fix)
Apr 03, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-25773
HIGH
Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)
Apr 03, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-3116
MEDIUM
Improper Input Validation in Zoom Plugin Webhook Handler
Mar 26, 2026
CVSS 4.9
EPSS 0.00
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters