|
161
|
3.7 |
LOW
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an aut…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-4273
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
3.1 |
LOW
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to red…
New
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-6334
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exh…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-6340
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multip…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6341
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via …
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6342
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-28732
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3117
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra…
New
|
CWE-939
Improper Authorization in Handler for Custom URL Scheme
|
CVE-2026-3471
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
3.1 |
LOW
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when updating playbooks, allowing users with only {{Manage Playbook Configurations}} permissio…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-4286
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
3.5 |
LOW
Network
|
-
|
-
|
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server …
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-4643
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
