mattermost
607 tracked vulnerabilities.
CVE-2026-2458
MEDIUM
Unauthorized channel enumeration in private teams after member removal
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2457
MEDIUM
WebSocket Message Spoofing via Permalink Embed Manipulation
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2456
MEDIUM
Denial of Service via Unbounded Memory Allocation in Integration Actions
Mar 16, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-26246
MEDIUM
Memory Exhaustion via Malformed PSD File Upload
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-25783
MEDIUM
Denial of service via malformed User-Agent header in getBrowserVersion
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-25780
MEDIUM
Memory Exhaustion via Malformed DOC File Upload
Mar 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24458
HIGH
DoS attack via login attempts with multi-megabyte passwords
Mar 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-1628
MEDIUM
Mattermost Desktop App <=5.13.3 - Open Redirect
Mar 02, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-1046
HIGH
Mattermost Desktop App <=6.0, 6.2.0, 5.2.13.0 - RCE
Feb 16, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-0999
MEDIUM
Mattermost 11.1.x-11.1.2 - Auth Bypass
Feb 16, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-0998
MEDIUM
Mattermost 11.1.x-11.1.2 - Auth Bypass
Feb 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0997
MEDIUM
Mattermost 11.1.x-11.1.2 - Privilege Escalation
Feb 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-22892
MEDIUM
Mattermost 10.11.0-10.11.9 11.1.0-11.1.2 11.2.0-11.2.1 - Incorrect Authorization via Jira Plugin
Feb 13, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-20796
LOW
Mattermost <10.11.9 - Info Disclosure
Feb 13, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-14573
LOW
Mattermost <10.11.10 - Privilege Escalation
Feb 16, 2026
CVSS 3.8
EPSS 0.00
CVE-2025-14350
MEDIUM
Mattermost <11.1.2, 10.11.9, 11.2.1 - Info Disclosure
Feb 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-13821
MEDIUM
Mattermost 11.1.x-11.1.2/10.11.x-10.11.9/11.2.x-11.2.1 - Info Discl...
Feb 16, 2026
CVSS 5.7
EPSS 0.00
CVE-2025-13523
HIGH
Mattermost Confluence Plugin < 1.7.0 - Authenticated Stored Cross-Site Scripting via OAuth2 Connection Link
Feb 06, 2026
CVSS 7.7
EPSS 0.00
CVE-2025-14435
MEDIUM
Mattermost <10.11.8-11.1.1-11.0.6 - Authenticated DoS
Jan 16, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-14822
LOW
Mattermost 10.11.0-10.11.8 - Authenticated Denial of Service via Hashtag Processing
Jan 16, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-64641
MEDIUM
Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization via Jira Plugin Post Action
Dec 24, 2025
CVSS 4.1
EPSS 0.00
CVE-2025-13767
MEDIUM
Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization in Jira Plugin
Dec 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-14273
HIGH
Mattermost <11.1.0, 10.12.3, 10.11.7 - Auth Bypass
Dec 22, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-13326
LOW
Mattermost Desktop App <6.0.0 - Privilege Escalation
Dec 17, 2025
CVSS 3.9
EPSS 0.00
CVE-2025-13324
LOW
Mattermost 10.11.0-10.11.5, 11.0.0-11.0.4, 10.12.0-10.12.2 - Incorrect Authorization via Legacy Cluster Invite Token
Dec 17, 2025
CVSS 3.7
EPSS 0.00
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters