mattermost

607 tracked vulnerabilities.

CVE-2026-2458 MEDIUM
Unauthorized channel enumeration in private teams after member removal
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2457 MEDIUM
WebSocket Message Spoofing via Permalink Embed Manipulation
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2456 MEDIUM
Denial of Service via Unbounded Memory Allocation in Integration Actions
Mar 16, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-26246 MEDIUM
Memory Exhaustion via Malformed PSD File Upload
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-25783 MEDIUM
Denial of service via malformed User-Agent header in getBrowserVersion
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-25780 MEDIUM
Memory Exhaustion via Malformed DOC File Upload
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24458 HIGH
DoS attack via login attempts with multi-megabyte passwords
Mar 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-1628 MEDIUM
Mattermost Desktop App <=5.13.3 - Open Redirect
Mar 02, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-1046 HIGH
Mattermost Desktop App <=6.0, 6.2.0, 5.2.13.0 - RCE
Feb 16, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-0999 MEDIUM
Mattermost 11.1.x-11.1.2 - Auth Bypass
Feb 16, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-0998 MEDIUM
Mattermost 11.1.x-11.1.2 - Auth Bypass
Feb 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0997 MEDIUM
Mattermost 11.1.x-11.1.2 - Privilege Escalation
Feb 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-22892 MEDIUM
Mattermost 10.11.0-10.11.9 11.1.0-11.1.2 11.2.0-11.2.1 - Incorrect Authorization via Jira Plugin
Feb 13, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-20796 LOW
Mattermost <10.11.9 - Info Disclosure
Feb 13, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-14573 LOW
Mattermost <10.11.10 - Privilege Escalation
Feb 16, 2026
CVSS 3.8
EPSS 0.00
CVE-2025-14350 MEDIUM
Mattermost <11.1.2, 10.11.9, 11.2.1 - Info Disclosure
Feb 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-13821 MEDIUM
Mattermost 11.1.x-11.1.2/10.11.x-10.11.9/11.2.x-11.2.1 - Info Discl...
Feb 16, 2026
CVSS 5.7
EPSS 0.00
CVE-2025-13523 HIGH
Mattermost Confluence Plugin < 1.7.0 - Authenticated Stored Cross-Site Scripting via OAuth2 Connection Link
Feb 06, 2026
CVSS 7.7
EPSS 0.00
CVE-2025-14435 MEDIUM
Mattermost <10.11.8-11.1.1-11.0.6 - Authenticated DoS
Jan 16, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-14822 LOW
Mattermost 10.11.0-10.11.8 - Authenticated Denial of Service via Hashtag Processing
Jan 16, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-64641 MEDIUM
Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization via Jira Plugin Post Action
Dec 24, 2025
CVSS 4.1
EPSS 0.00
CVE-2025-13767 MEDIUM
Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization in Jira Plugin
Dec 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-14273 HIGH
Mattermost <11.1.0, 10.12.3, 10.11.7 - Auth Bypass
Dec 22, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-13326 LOW
Mattermost Desktop App <6.0.0 - Privilege Escalation
Dec 17, 2025
CVSS 3.9
EPSS 0.00
CVE-2025-13324 LOW
Mattermost 10.11.0-10.11.5, 11.0.0-11.0.4, 10.12.0-10.12.2 - Incorrect Authorization via Legacy Cluster Invite Token
Dec 17, 2025
CVSS 3.7
EPSS 0.00