CVE-2025-41443
16.10.2025, 08:15
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the `/api/v4/teams/{team_id}/channels/ids` endpointEnginsightAwaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration
References