CVE-2026-3473

EUVD-2026-31429
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs.. Mattermost Advisory ID: MMSA-2026-00620
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
MattermostCNA
5.9 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
mattermostmattermost_server
10.11.0 ≤
𝑥
< 10.11.15
mattermostmattermost_server
11.4.0 ≤
𝑥
< 11.4.5
mattermostmattermost_server
11.5.0 ≤
𝑥
< 11.5.4
mattermostmattermost_server
11.6.0 ≤
𝑥
< 11.6.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mattermostmattermost
𝑥
≤ 11.6.0
CNA
mattermostmattermost
11.5.0 ≤
𝑥
≤ 11.5.3
CNA
mattermostmattermost
11.4.0 ≤
𝑥
≤ 11.4.4
CNA
mattermostmattermost
10.11.0 ≤
𝑥
≤ 10.11.14
CNA