certfr_avis - certfr-2026-avi-0446

CERTFR-2026-AVI-0446

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Mattermost Server. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une injection de requêtes illégitimes par rebond (CSRF) et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mattermost	Mattermost Server	Mattermost Server versions 10.11.x antérieures à 10.11.14
Mattermost	Mattermost Server	Mattermost Server versions 11.5.x antérieures à 11.5.2
Mattermost	Mattermost Server	Mattermost Server versions 11.4.x antérieures à 11.4.4
Mattermost	Mattermost Server	Mattermost Server versions 11.3.x antérieures à 11.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Mattermost MMSA-2026-00582	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00608	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00576	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00607	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00575	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00614	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00573	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00630	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00622	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00627	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00570	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00636	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00591	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00625	2026-03-16	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00645	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00603	2026-03-16	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00597	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00624	2026-03-16	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00605	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00631	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2025-00552	2026-04-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mattermost Server versions 10.11.x ant\u00e9rieures \u00e0 10.11.14",
      "product": {
        "name": "Mattermost Server",
        "vendor": {
          "name": "Mattermost",
          "scada": false
        }
      }
    },
    {
      "description": "Mattermost Server versions 11.5.x ant\u00e9rieures \u00e0 11.5.2",
      "product": {
        "name": "Mattermost Server",
        "vendor": {
          "name": "Mattermost",
          "scada": false
        }
      }
    },
    {
      "description": "Mattermost Server versions 11.4.x ant\u00e9rieures \u00e0 11.4.4",
      "product": {
        "name": "Mattermost Server",
        "vendor": {
          "name": "Mattermost",
          "scada": false
        }
      }
    },
    {
      "description": "Mattermost Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.3\n",
      "product": {
        "name": "Mattermost Server",
        "vendor": {
          "name": "Mattermost",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-4265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4265"
    },
    {
      "name": "CVE-2026-28741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28741"
    },
    {
      "name": "CVE-2026-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3590"
    },
    {
      "name": "CVE-2026-27769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27769"
    },
    {
      "name": "CVE-2026-4274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4274"
    }
  ],
  "initial_release_date": "2026-04-16T00:00:00",
  "last_revision_date": "2026-04-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0446",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mattermost Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mattermost Server",
  "vendor_advisories": [
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00582",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00608",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00576",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00607",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00575",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00614",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00573",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00630",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00622",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00627",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00570",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00636",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00591",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00625",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00645",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00603",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00597",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00624",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00605",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00631",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2025-00552",
      "url": "https://mattermost.com/security-updates/"
    }
  ]
}

CVE-2026-4274 (GCVE-0-2026-4274)

Vulnerability from cvelistv5

Published

2026-03-26 10:43

Modified

2026-03-26 13:58

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-863 - Incorrect Authorization

Summary

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574

References

URL

Tags

https://mattermost.com/security-updates

vendor-advisory

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Version: 11.2.0 ≤ 11.2.2 Version: 10.11.0 ≤ 10.11.10 Version: 11.4.0 ≤ 11.4.0 Version: 11.3.0 ≤ 11.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4274",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T13:58:33.420989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T13:58:41.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.2.2",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.11.10",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.4.0",
              "status": "affected",
              "version": "11.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.3.1",
              "status": "affected",
              "version": "11.3.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.5.0"
            },
            {
              "status": "unaffected",
              "version": "11.2.3"
            },
            {
              "status": "unaffected",
              "version": "10.11.11"
            },
            {
              "status": "unaffected",
              "version": "11.4.1"
            },
            {
              "status": "unaffected",
              "version": "11.3.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "daw10"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10, 11.4.x \u003c= 11.4.0, 11.3.x \u003c= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T10:43:24.611Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00574",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00574",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-67099"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-4274",
    "datePublished": "2026-03-26T10:43:24.611Z",
    "dateReserved": "2026-03-16T15:18:50.150Z",
    "dateUpdated": "2026-03-26T13:58:41.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3590 (GCVE-0-2026-3590)

Vulnerability from cvelistv5

Published

2026-04-15 11:00

Modified

2026-04-15 14:00

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Summary

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent requests.. Mattermost Advisory ID: MMSA-2026-00624

References

URL

Tags

https://mattermost.com/security-updates

vendor-advisory

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Version: 10.11.0 ≤ 10.11.12 Version: 11.5.0 ≤ 11.5.0 Version: 11.4.0 ≤ 11.4.2 Version: 11.3.0 ≤ 11.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T14:00:15.919479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T14:00:27.030Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "10.11.12",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.5.0",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.4.2",
              "status": "affected",
              "version": "11.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.3.2",
              "status": "affected",
              "version": "11.3.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.6.0"
            },
            {
              "status": "unaffected",
              "version": "10.11.13"
            },
            {
              "status": "unaffected",
              "version": "11.5.1"
            },
            {
              "status": "unaffected",
              "version": "11.4.3"
            },
            {
              "status": "unaffected",
              "version": "11.3.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Edgar Bellot Mic\u00f3"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 10.11.x \u003c= 10.11.12, 11.5.x \u003c= 11.5.0, 11.4.x \u003c= 11.4.2, 11.3.x \u003c= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent requests.. Mattermost Advisory ID: MMSA-2026-00624"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T11:00:14.880Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.6.0, 10.11.13, 11.5.1, 11.4.3, 11.3.3 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00624",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-67791"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Race Condition in Guest Magic Link Authentication Allows Token Reuse",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-3590",
    "datePublished": "2026-04-15T11:00:14.880Z",
    "dateReserved": "2026-03-05T11:34:57.712Z",
    "dateUpdated": "2026-04-15T14:00:27.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28741 (GCVE-0-2026-28741)

Vulnerability from cvelistv5

Published

2026-04-15 10:13

Modified

2026-04-15 15:39

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Summary

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost Advisory ID: MMSA-2026-00625

References

URL

Tags

https://mattermost.com/security-updates

vendor-advisory

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Version: 10.11.0 ≤ 10.11.12 Version: 11.5.0 ≤ 11.5.0 Version: 11.4.0 ≤ 11.4.2 Version: 11.3.0 ≤ 11.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28741",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T15:39:07.449816Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T15:39:52.265Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "10.11.12",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.5.0",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.4.2",
              "status": "affected",
              "version": "11.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.3.2",
              "status": "affected",
              "version": "11.3.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "10.11.13"
            },
            {
              "status": "unaffected",
              "version": "11.5.1"
            },
            {
              "status": "unaffected",
              "version": "11.4.3"
            },
            {
              "status": "unaffected",
              "version": "11.3.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Eva Sarafianou"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 10.11.x \u003c= 10.11.12, 11.5.x \u003c= 11.5.0, 11.4.x \u003c= 11.4.2, 11.3.x \u003c= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user\u0027s authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost Advisory ID: MMSA-2026-00625"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T10:13:33.950Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00625",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 10.11.13, 11.5.1, 11.4.3, 11.3.3 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00625",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-67789"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "CSRF Protection Bypass Allows Updating a User\u0027s Authentication Method",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-28741",
    "datePublished": "2026-04-15T10:13:33.950Z",
    "dateReserved": "2026-03-10T13:45:39.984Z",
    "dateUpdated": "2026-04-15T15:39:52.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27769 (GCVE-0-2026-27769)

Vulnerability from cvelistv5

Published

2026-04-15 10:11

Modified

2026-04-15 13:08

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-862 - Missing Authorization

Summary

Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API.. Mattermost Advisory ID: MMSA-2026-00603

References

URL

Tags

https://mattermost.com/security-updates

vendor-advisory

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Version: 10.11.0 ≤ 10.11.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T13:08:29.628271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T13:08:35.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "10.11.12",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.5.0"
            },
            {
              "status": "unaffected",
              "version": "10.11.13"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "daw10"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 10.11.x \u003c= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API.. Mattermost Advisory ID: MMSA-2026-00603"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T10:11:07.676Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00603",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.5.0, 10.11.13 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00603",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-67521"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Connected Workspaces: Malicious remote server can manipulate arbitrary user\u0027s status",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-27769",
    "datePublished": "2026-04-15T10:11:07.676Z",
    "dateReserved": "2026-03-16T08:51:03.250Z",
    "dateUpdated": "2026-04-15T13:08:35.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4265 (GCVE-0-2026-4265)

Vulnerability from cvelistv5

Published

2026-03-16 12:07

Modified

2026-03-16 13:49

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-863 - Incorrect Authorization

Summary

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a team where they have permission and reusing the file metadata in a POST request to a different team. Mattermost Advisory ID: MMSA-2025-00553

References

URL

Tags

https://mattermost.com/security-updates

vendor-advisory

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Version: 11.3.0 ≤ 11.3.0 Version: 11.2.0 ≤ 11.2.2 Version: 10.11.0 ≤ 10.11.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T13:41:40.647671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T13:49:55.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.3.0",
              "status": "affected",
              "version": "11.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.2.2",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.11.10",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.4.0"
            },
            {
              "status": "unaffected",
              "version": "11.3.1"
            },
            {
              "status": "unaffected",
              "version": "11.2.3"
            },
            {
              "status": "unaffected",
              "version": "10.11.11"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "0x7oda7123"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 11.3.x \u003c= 11.3.0, 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a team where they have permission and reusing the file metadata in a POST request to a different team. Mattermost Advisory ID: MMSA-2025-00553"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T12:07:14.659Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2025-00553",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.4.0, 11.3.1, 11.2.3, 10.11.11 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2025-00553",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-66478"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Guest user can upload files without permission across teams",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-4265",
    "datePublished": "2026-03-16T12:07:14.659Z",
    "dateReserved": "2026-03-16T12:05:32.172Z",
    "dateUpdated": "2026-03-16T13:49:55.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2026-AVI-0446

Vulnerability from certfr_avis

Solutions

CVE-2026-4274 (GCVE-0-2026-4274)

Vulnerability from cvelistv5

CVE-2026-3590 (GCVE-0-2026-3590)

Vulnerability from cvelistv5

CVE-2026-28741 (GCVE-0-2026-28741)

Vulnerability from cvelistv5

CVE-2026-27769 (GCVE-0-2026-27769)

Vulnerability from cvelistv5

CVE-2026-4265 (GCVE-0-2026-4265)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature