mattermost

575 tracked vulnerabilities.

CVE-2026-1628 MEDIUM
Mattermost Desktop App <=5.13.3 - Open Redirect
Mar 02, 2026
CVSS 4.6
EPSS 0.00

CVE-2026-1046 HIGH
Mattermost Desktop App <=6.0, 6.2.0, 5.2.13.0 - RCE
Feb 16, 2026
CVSS 7.6
EPSS 0.00

CVE-2026-0999 MEDIUM
Mattermost 11.1.x-11.1.2 - Auth Bypass
Feb 16, 2026
CVSS 5.4
EPSS 0.00

CVE-2026-0998 MEDIUM
Mattermost 11.1.x-11.1.2 - Auth Bypass
Feb 16, 2026
CVSS 4.3
EPSS 0.00

CVE-2026-0997 MEDIUM
Mattermost 11.1.x-11.1.2 - Privilege Escalation
Feb 16, 2026
CVSS 4.3
EPSS 0.00

CVE-2026-22892 MEDIUM
Mattermost 10.11.0-10.11.9 11.1.0-11.1.2 11.2.0-11.2.1 - Incorrect Authorization via Jira Plugin
Feb 13, 2026
CVSS 4.3
EPSS 0.00

CVE-2026-20796 LOW
Mattermost <10.11.9 - Info Disclosure
Feb 13, 2026
CVSS 3.1
EPSS 0.00

CVE-2025-14573 LOW
Mattermost <10.11.10 - Privilege Escalation
Feb 16, 2026
CVSS 3.8
EPSS 0.00

CVE-2025-14350 MEDIUM
Mattermost <11.1.2, 10.11.9, 11.2.1 - Info Disclosure
Feb 16, 2026
CVSS 4.3
EPSS 0.00

CVE-2025-13821 MEDIUM
Mattermost 11.1.x-11.1.2/10.11.x-10.11.9/11.2.x-11.2.1 - Info Discl...
Feb 16, 2026
CVSS 5.7
EPSS 0.00

CVE-2025-13523 HIGH
Mattermost Confluence Plugin < 1.7.0 - Authenticated Stored Cross-Site Scripting via OAuth2 Connection Link
Feb 06, 2026
CVSS 7.7
EPSS 0.00

CVE-2025-14435 MEDIUM
Mattermost <10.11.8-11.1.1-11.0.6 - Authenticated DoS
Jan 16, 2026
CVSS 6.8
EPSS 0.00

CVE-2025-14822 LOW
Mattermost 10.11.0-10.11.8 - Authenticated Denial of Service via Hashtag Processing
Jan 16, 2026
CVSS 3.1
EPSS 0.00

CVE-2025-64641 MEDIUM
Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization via Jira Plugin Post Action
Dec 24, 2025
CVSS 4.1
EPSS 0.00

CVE-2025-13767 MEDIUM
Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization in Jira Plugin
Dec 24, 2025
CVSS 4.3
EPSS 0.00

CVE-2025-14273 HIGH
Mattermost <11.1.0, 10.12.3, 10.11.7 - Auth Bypass
Dec 22, 2025
CVSS 7.2
EPSS 0.00

CVE-2025-13326 LOW
Mattermost Desktop App <6.0.0 - Privilege Escalation
Dec 17, 2025
CVSS 3.9
EPSS 0.00

CVE-2025-13324 LOW
Mattermost 10.11.0-10.11.5, 11.0.0-11.0.4, 10.12.0-10.12.2 - Incorrect Authorization via Legacy Cluster Invite Token
Dec 17, 2025
CVSS 3.7
EPSS 0.00

CVE-2025-13321 LOW
Mattermost Desktop App < 6.0.0 - Sensitive Information Exposure via Log File
Dec 17, 2025
CVSS 3.3
EPSS 0.00

CVE-2025-12689 MEDIUM
Mattermost <11.0.4, <10.12.2, <10.11.6 - DoS
Dec 17, 2025
CVSS 6.5
EPSS 0.00

CVE-2025-62690 LOW
Mattermost 10.11.0-10.11.4 - Open Redirect via Error Page URL Parameter
Dec 17, 2025
CVSS 3.1
EPSS 0.00

CVE-2025-62190 MEDIUM
Mattermost 10.11.0-10.11.6, 10.12.0-10.12.2, 11.0.0-11.0.4 & Calls <1.10.0 - CSRF via Calls Widget
Dec 17, 2025
CVSS 4.3
EPSS 0.00

CVE-2025-13352 LOW
Mattermost 10.11.0-10.11.6 and GitHub Plugin <=2.4.0 - Reaction Hijacking via Notification Post
Dec 17, 2025
CVSS 3.0
EPSS 0.00

CVE-2025-13870 LOW
Mattermost 10.5.0-10.5.12 and 10.11.0-10.11.4 - Authenticated Missing Permission Validation in Boards
Dec 02, 2025
CVSS 3.1
EPSS 0.00

CVE-2025-12756 MEDIUM
Mattermost <11.0.2-10.12.1-10.11.4-10.5.12 - Privilege Escalation
Dec 01, 2025
CVSS 4.3
EPSS 0.00