mattermost
Latest CVEs
The 15 most recently published vulnerabilities affecting mattermost.
- CVE-2026-4339: SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server (6.5)
- CVE-2026-9699: Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors (6.8)
- CVE-2026-3472: Markdown image rendering bypass in AI bot tool result posts in Mattermost (3.5)
- CVE-2026-13426: Client4 fails to validate path parameters (5.4)
- CVE-2026-2299: Improper Access Control in Mattermost Google Drive Plugin File Creation Endpoint (4.2)
- CVE-2026-8823: User Manager can demote bot accounts to guest without bot-management permission (3.8)
- CVE-2026-6062: IDOR in Jira plugin subscription edit endpoint (6.4)
- CVE-2026-6673: Mattermost Jira plugin had unauthenticated /ac/installed lifecycle callback during pending Jira Cloud install (6.4)
- CVE-2026-8074: Improper Permission Check Allows User Manager to Deactivate Bot Accounts (3.8)
- CVE-2026-9162: Global session revocation does not invalidate active WebSocket connections (4.3)
- CVE-2026-5139: GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration (5.4)
- CVE-2026-8683: Overly long URLs crash the Mattermost Desktop App (6.5)
- CVE-2026-6517: Mattermost Desktop App fails to restrict the allow list of domains to which NTLM credentials are passed (6.3)
- CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync (7.6)
- CVE-2026-7387: Mattermost group syncable endpoints allow privilege escalation via scheme_admin (8.8)