Known Vulnerabilities for products from Mattermost
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mattermost".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-53837 json | Not Provided | 2026-06-12 | 2026-06-15 | |
| CVE-2026-46548 json | Not Provided | 2026-06-23 | 2026-06-23 | |
| CVE-2026-45003 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-28759 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote cluster has access... | Not Provided | 2026-05-18 | 2026-05-18 |
| CVE-2026-28741 json | Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on... | Not Provided | 2026-04-15 | 2026-04-22 |
| CVE-2026-28736 json | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This all... | Not Provided | 2026-04-03 | 2026-04-28 |
| CVE-2026-28732 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word unique... | Not Provided | 2026-05-18 | 2026-05-19 |
| CVE-2026-27769 json | Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspac... | Not Provided | 2026-04-15 | 2026-04-22 |
| CVE-2026-25773 json | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic ... | Not Provided | 2026-04-03 | 2026-04-28 |
| CVE-2026-24661 json | Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhook endpoint which allows a... | Not Provided | 2026-04-09 | 2026-04-17 |
| CVE-2026-22880 json | Not Provided | 2026-05-21 | 2026-05-21 | |
| CVE-2026-21388 json | Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows a... | Not Provided | 2026-04-09 | 2026-04-25 |
| CVE-2026-9162 json | Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to invalidate cached authe... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-8683 json | Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost D... | Not Provided | 2026-06-15 | 2026-06-16 |
| CVE-2026-8074 json | Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission checks on the user active s... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-7387 json | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to require ... | Not Provided | 2026-06-12 | 2026-06-18 |
| CVE-2026-7184 json | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response ... | Not Provided | 2026-06-12 | 2026-06-18 |
| CVE-2026-6961 json | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to sanitize... | Not Provided | 2026-06-12 | 2026-06-18 |
| CVE-2026-6957 json | Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct e... | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2026-6739 json | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require system-level... | Not Provided | 2026-06-12 | 2026-06-18 |
Known software with vulnerabilities from Mattermost
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mattermost | Mattermost | - |
| Application | Mattermost | Mattermost Desktop | 3.4.0 |
| Application | Mattermost | Mattermost Mobile | 1.26.0 |
| Application | Mattermost | Mattermost Packages | 5.16.3 |
| Application | Mattermost | Mattermost Plugins | 5.13.0 |
| Application | Mattermost | Mattermost Server | 0.5.0 |
| Application | Mattermost | Server | 5.19.0 |