CVE-2026-22880
EUVD-2026-3125021.05.2026, 09:16
Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO code exchange flow through the mobile application. Mattermost Advisory ID: MMSA-2025-00564
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 𝑥 ≤ 2.0.37 | CNA |
| mattermost | mattermost | 𝑥 ≤ 11.0.4 | CNA |
| mattermost | mattermost | 𝑥 ≤ 11.1.3 | CNA |
| mattermost | mattermost | 𝑥 ≤ 11.3.2 | CNA |
| mattermost | mattermost | 𝑥 ≤ 10.11.11 | CNA |
Common Weakness Enumeration
References