CVE-2026-2461

MEDIUM

Missing authorization check allows unauthorized modification of other users' comments on a board

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-2461. PoCs published by XiaomingX, destiny-creates.

AI-analyzed exploit summary The PoC exploits a vulnerability in telnet by injecting a crafted username parameter to achieve unauthorized access or command execution. It uses subprocess to execute a telnet command with a malicious username flag.

Description

Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559

Exploits (2)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-2461

View Code ZIP pw:eip

The PoC exploits a vulnerability in telnet by injecting a crafted username parameter to achieve unauthorized access or command execution. It uses subprocess to execute a telnet command with a malicious username flag.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: telnet (version not specified)

No auth needed

Prerequisites: telnet client installed on attacker's machine · target IP address

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 16, 2026 Full analysis →

nomisec WORKING POC

by destiny-creates · poc

https://github.com/destiny-creates/CVE-2026-2461-poc

View Code ZIP pw:eip

This PoC exploits a vulnerability in telnet by injecting a malicious username parameter to potentially achieve remote code execution. The script prompts for a target IP and uses subprocess to execute a crafted telnet command.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: telnet client (version unspecified)

No auth needed

Prerequisites: telnet client installed on attacker's machine · target IP address

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 28, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

MMSA-2025-00559

https://mattermost.com/security-updates

Scores

CVSS v3 4.3

EPSS 0.0004

EPSS Percentile 13.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (9)

Mattermost/Mattermost < 10.10.11

Mattermost/Mattermost < 11.0.3

Mattermost/Mattermost < 11.2.2

Mattermost/Mattermost 10.11.11

Mattermost/Mattermost 11.2.3

Mattermost/Mattermost 11.3.1

Mattermost/Mattermost 11.4.0

mattermost/mattermost-plugin-boards 0 - 0.0.0-20260108044135-57c5be5b6ef5Go

mattermost/mattermost_server < 10.11.11

Published Mar 16, 2026

Tracked Since Mar 16, 2026