Known Vulnerabilities for products from Mattermost
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mattermost".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45003 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-28741 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-28736 json | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This all... | Not Provided | 2026-04-03 | 2026-04-28 |
| CVE-2026-27769 json | Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspac... | Not Provided | 2026-04-15 | 2026-04-22 |
| CVE-2026-25773 json | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic ... | Not Provided | 2026-04-03 | 2026-04-28 |
| CVE-2026-24661 json | Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhook endpoint which allows a... | Not Provided | 2026-04-09 | 2026-04-17 |
| CVE-2026-21388 json | Not Provided | 2026-04-09 | 2026-04-09 | |
| CVE-2026-3590 json | Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-u... | Not Provided | 2026-04-15 | 2026-04-22 |
| CVE-2026-3524 json | Not Provided | 2026-04-06 | 2026-04-07 | |
| CVE-2026-3116 json | Not Provided | 2026-03-26 | 2026-03-26 | |
| CVE-2026-3115 json | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-3114 json | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate decompressed a... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-3113 json | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on down... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-3112 json | Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Loggi... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-3108 json | Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlle... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2023-48369 json | 5.3 - MEDIUM | 2023-11-27 | 2023-12-01 | |
| CVE-2023-48268 json | 7.5 - HIGH | 2023-11-27 | 2023-12-01 | |
| CVE-2023-47865 json | 4.3 - MEDIUM | 2023-11-27 | 2023-12-01 | |
| CVE-2023-47168 json | 6.1 - MEDIUM | 2023-11-27 | 2023-12-01 | |
| CVE-2023-45223 json | 4.3 - MEDIUM | 2023-11-27 | 2023-12-01 |
Known software with vulnerabilities from Mattermost
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mattermost | Mattermost | - |
| Application | Mattermost | Mattermost Desktop | 3.4.0 |
| Application | Mattermost | Mattermost Mobile | 1.26.0 |
| Application | Mattermost | Mattermost Packages | 5.16.3 |
| Application | Mattermost | Mattermost Plugins | 5.13.0 |
| Application | Mattermost | Mattermost Server | 0.5.0 |
| Application | Mattermost | Server | 5.19.0 |