Known Vulnerabilities for products from Mattermost
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mattermost".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-53837 json | Not Provided | 2026-06-12 | 2026-06-15 | |
| CVE-2026-46548 json | Not Provided | 2026-06-23 | 2026-06-24 | |
| CVE-2026-45003 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-28759 json | Not Provided | 2026-05-18 | 2026-05-18 | |
| CVE-2026-28741 json | Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on... | Not Provided | 2026-04-15 | 2026-04-22 |
| CVE-2026-28736 json | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This all... | Not Provided | 2026-04-03 | 2026-04-28 |
| CVE-2026-28732 json | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word unique... | Not Provided | 2026-05-18 | 2026-05-19 |
| CVE-2026-27769 json | Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspac... | Not Provided | 2026-04-15 | 2026-04-22 |
| CVE-2026-25773 json | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic ... | Not Provided | 2026-04-03 | 2026-04-28 |
| CVE-2026-24661 json | Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhook endpoint which allows a... | Not Provided | 2026-04-09 | 2026-04-17 |
| CVE-2026-22880 json | Not Provided | 2026-05-21 | 2026-05-21 | |
| CVE-2026-21388 json | Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows a... | Not Provided | 2026-04-09 | 2026-04-25 |
| CVE-2026-13426 json | Not Provided | 2026-06-26 | 2026-06-26 | |
| CVE-2026-10106 json | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an ... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-10103 json | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared chann... | Not Provided | 2026-07-13 | 2026-07-14 |
| CVE-2026-10085 json | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel fl... | Not Provided | 2026-07-13 | 2026-07-14 |
| CVE-2026-9824 json | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permissi... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-9820 json | Mattermost versions 11.7.x <= 11.7.2, 10.11.x <= 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-9708 json | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate that an assigned incoming webhoo... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-9597 json | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating ... | Not Provided | 2026-07-13 | 2026-07-13 |
Known software with vulnerabilities from Mattermost
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mattermost | Mattermost | - |
| Application | Mattermost | Mattermost Desktop | 3.4.0 |
| Application | Mattermost | Mattermost Mobile | 1.26.0 |
| Application | Mattermost | Mattermost Packages | 5.16.3 |
| Application | Mattermost | Mattermost Plugins | 5.13.0 |
| Application | Mattermost | Mattermost Server | 0.5.0 |
| Application | Mattermost | Server | 5.19.0 |