Known Vulnerabilities for products from Mattermost
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mattermost".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45003 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-28759 json | Not Provided | 2026-05-18 | 2026-05-18 | |
| CVE-2026-28741 json | Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on... | Not Provided | 2026-04-15 | 2026-04-22 |
| CVE-2026-28736 json | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This all... | Not Provided | 2026-04-03 | 2026-04-28 |
| CVE-2026-28732 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word unique... | Not Provided | 2026-05-18 | 2026-05-19 |
| CVE-2026-27769 json | Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspac... | Not Provided | 2026-04-15 | 2026-04-22 |
| CVE-2026-25773 json | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic ... | Not Provided | 2026-04-03 | 2026-04-28 |
| CVE-2026-24661 json | Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhook endpoint which allows a... | Not Provided | 2026-04-09 | 2026-04-17 |
| CVE-2026-22880 json | Not Provided | 2026-05-21 | 2026-05-21 | |
| CVE-2026-21388 json | Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows a... | Not Provided | 2026-04-09 | 2026-04-25 |
| CVE-2026-9354 json | Not Provided | 2026-05-24 | 2026-05-24 | |
| CVE-2026-6957 json | Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct e... | Not Provided | 2026-05-27 | 2026-06-02 |
| CVE-2026-6347 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields i... | Not Provided | 2026-05-18 | 2026-05-18 |
| CVE-2026-6346 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields b... | Not Provided | 2026-05-18 | 2026-05-18 |
| CVE-2026-6345 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password ... | Not Provided | 2026-05-18 | 2026-05-18 |
| CVE-2026-6343 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which al... | Not Provided | 2026-05-18 | 2026-05-18 |
| CVE-2026-6342 json | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plu... | Not Provided | 2026-05-18 | 2026-05-29 |
| CVE-2026-6341 json | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create... | Not Provided | 2026-05-18 | 2026-05-29 |
| CVE-2026-6340 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before pr... | Not Provided | 2026-05-18 | 2026-05-19 |
| CVE-2026-6339 json | Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read revea... | Not Provided | 2026-05-18 | 2026-05-18 |
Known software with vulnerabilities from Mattermost
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mattermost | Mattermost | - |
| Application | Mattermost | Mattermost Desktop | 3.4.0 |
| Application | Mattermost | Mattermost Mobile | 1.26.0 |
| Application | Mattermost | Mattermost Packages | 5.16.3 |
| Application | Mattermost | Mattermost Plugins | 5.13.0 |
| Application | Mattermost | Mattermost Server | 0.5.0 |
| Application | Mattermost | Server | 5.19.0 |