Known Vulnerabilities for products from Mattermost
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mattermost".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-3116 | Not Provided | 2026-03-26 | 2026-03-26 | |
| CVE-2026-3115 | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-3114 | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate decompressed a... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-3113 | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on down... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-3112 | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Loggi... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-3109 | Not Provided | 2026-03-26 | 2026-03-26 | |
| CVE-2026-3108 | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlle... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2022-22122 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a reservation duplicate of [CVE-20... | Not Provided | 2022-01-13 | 2023-11-07 |
| CVE-2021-37867 | Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which ... | 4.3 - MEDIUM | 2022-01-18 | 2022-01-24 |
| CVE-2021-37866 | Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Board... | 7.5 - HIGH | 2022-01-18 | 2022-02-03 |
| CVE-2021-37865 | Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a... | 5.7 - MEDIUM | 2022-01-18 | 2022-01-24 |
| CVE-2021-37864 | Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authentic... | 6.5 - MEDIUM | 2022-01-18 | 2022-10-27 |
| CVE-2021-37863 | Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attacke... | 5.7 - MEDIUM | 2021-12-17 | 2021-12-21 |
| CVE-2021-37862 | Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to tr... | 5.4 - MEDIUM | 2021-12-17 | 2021-12-27 |
| CVE-2021-37861 | Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | 7.5 - HIGH | 2021-12-09 | 2021-12-13 |
| CVE-2021-37860 | Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to injec... | 6.1 - MEDIUM | 2021-09-22 | 2021-10-05 |
| CVE-2021-37859 | Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. | 6.1 - MEDIUM | 2021-08-05 | 2021-08-12 |
| CVE-2020-14460 | An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth ap... | 6.5 - MEDIUM | 2020-06-19 | 2021-07-21 |
| CVE-2020-14459 | An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direc... | 7.5 - HIGH | 2020-06-19 | 2020-06-19 |
| CVE-2020-14458 | An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by n... | 7.5 - HIGH | 2020-06-19 | 2021-07-21 |
Known software with vulnerabilities from Mattermost
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mattermost | Mattermost | - |
| Application | Mattermost | Mattermost Desktop | 3.4.0 |
| Application | Mattermost | Mattermost Mobile | 1.26.0 |
| Application | Mattermost | Mattermost Packages | 5.16.3 |
| Application | Mattermost | Mattermost Plugins | 5.13.0 |
| Application | Mattermost | Mattermost Server | 0.5.0 |
| Application | Mattermost | Server | 5.19.0 |