CVE-2026-6341
EUVD-2026-3074618.05.2026, 08:16
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID: MMSA-2026-00602Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 10.13.0 ≤ 𝑥 ≤ 10.13.11 |
| mattermost | mattermost_server | 11.1.0 ≤ 𝑥 ≤ 11.1.5 |
| mattermost | mattermost_server | 11.3.0 ≤ 𝑥 ≤ 11.3.4 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 𝑥 ≤ 11.1.5 | CNA |
| mattermost | mattermost | 𝑥 ≤ 10.13.11 | CNA |
| mattermost | mattermost | 𝑥 ≤ 11.3.4 | CNA |
References