NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-3495
Summary

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values.. Mattermost Advisory ID: MMSA-2026-00622

Publication Date May 18, 2026, 5:16 p.m.
Registration Date May 19, 2026, 4:14 a.m.
Last Update May 19, 2026, 2:32 a.m.
CVSS3.1 : LOW
スコア 3.8
Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
攻撃元区分(AV) ネットワーク
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR)
利用者の関与(UI) 不要
影響の想定範囲(S) 変更なし
機密性への影響(C)
完全性への影響(I)
可用性への影響(A) なし
Related information, measures and tools
Common Vulnerabilities List