CVE-2026-3524

HIGH

Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check

Title source: cna
STIX 2.1

Description

Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID: MMSA-2026-00621

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
MMSA-2026-00621
https://mattermost.com/security-updates

Scores

CVSS v3 8.8
EPSS 0.0038
EPSS Percentile 29.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (2)
Mattermost/Mattermost < 1.1.4
Mattermost/Mattermost 1.1.5
Published Apr 06, 2026
Tracked Since Apr 06, 2026