Description
Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://mattermost.com/security-updates
Scores
CVSS v3
7.6
EPSS
0.0004
EPSS Percentile
14.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-939
Status
published
Products (5)
Mattermost/Mattermost
< 5.2.13
Mattermost/Mattermost
< 6.2.0
Mattermost/Mattermost
5.13.3.0
Mattermost/Mattermost
6.0.3.0
Mattermost/Mattermost
6.1.0
Published
Feb 16, 2026
Tracked Since
Feb 18, 2026