mattermost
607 tracked vulnerabilities.
CVE-2026-3115
MEDIUM
Guest users can view group member IDs without respecting view restrictions
Mar 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-3114
MEDIUM
Zip Bomb Denial of Service via Unrestricted Archive Decompression
Mar 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-3113
MEDIUM
mmctl export download command doesn’t restrict permissions to created file to file owner
Mar 26, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-3112
MEDIUM
Arbitrary File Read via Advanced Logging Support Packet
Mar 26, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-3109
LOW
Missing timestamp validation in Zoom webhook handler
Mar 26, 2026
CVSS 2.2
EPSS 0.00
CVE-2026-3108
HIGH
Terminal Escape Injection in mmctl Report Posts Command
Mar 26, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-4274
MEDIUM
Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access
Mar 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27659
MEDIUM
Mattermost <= 11.4.0 - Access Control Policy Activation CSRF
Mar 25, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-27656
MEDIUM
Account Takeover via Substring Matching in OpenID Connect Authentication
Mar 25, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-26233
MEDIUM
Denial of Service via HTTP/2 single packet attack on login endpoint
Mar 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-20719
MEDIUM
DoS via URL Previews Rendering Malicious SVGs
Mar 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2454
MEDIUM
DoS in Calls plugin via malformed msgpack in websocket request.
Mar 16, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-26230
LOW
Team Admin Privilege Escalation to Demote Members to Guest
Mar 16, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-1629
MEDIUM
Permalink Preview Information Disclosure After Permission Revocation
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26304
MEDIUM
Permission Bypass in Playbook Run Creation
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2455
MEDIUM
SSRF bypass via IPv4-mapped IPv6 literals
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24692
MEDIUM
Guest users can bypass read permissions via search API
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-22545
LOW
Password Change Bypass via Auth Switch Endpoint
Mar 16, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-21386
MEDIUM
Private channel enumeration via /mute slash command
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-4265
MEDIUM
Guest user can upload files without permission across teams
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2578
MEDIUM
Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2476
HIGH
MS Teams plugin sensitive config values not properly masked in support packets
Mar 16, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-2463
MEDIUM
Unauthorized access to invite ID during team creation
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2462
MEDIUM
Admin RCE via Malicious Plugin Upload on CI Test Instances
Mar 16, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-2461
MEDIUM
Missing authorization check allows unauthorized modification of other users' comments on a board
Mar 16, 2026
CVSS 4.3
EPSS 0.00
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters