CVE-2026-3473
EUVD-2026-3142922.05.2026, 11:16
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs.. Mattermost Advisory ID: MMSA-2026-00620Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 10.11.0 ≤ 𝑥 < 10.11.15 |
| mattermost | mattermost_server | 11.4.0 ≤ 𝑥 < 11.4.5 |
| mattermost | mattermost_server | 11.5.0 ≤ 𝑥 < 11.5.4 |
| mattermost | mattermost_server | 11.6.0 ≤ 𝑥 < 11.6.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 𝑥 ≤ 11.6.0 | CNA |
| mattermost | mattermost | 11.5.0 ≤ 𝑥 ≤ 11.5.3 | CNA |
| mattermost | mattermost | 11.4.0 ≤ 𝑥 ≤ 11.4.4 | CNA |
| mattermost | mattermost | 10.11.0 ≤ 𝑥 ≤ 10.11.14 | CNA |
Common Weakness Enumeration
References