CVE-2026-27769

EUVD-2026-22873 | LOW | 2026-04-15 | Mattermost
CVSS 3.1 score: 2.7

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Lifecycle Timeline

1. Analysis Generated: Apr 15, 2026 - 10:56 (vuln.today)

Description (NVD)

Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace, which allows a malicious remote server connected using the Connected Workspaces feature to change the displayed status of local users via the Connected Workspaces API. Mattermost Advisory ID: MMSA-2026-00603

Analysis (AI)

Mattermost versions 10.11.0 through 10.11.12 fail to validate workspace ownership during Connected Workspaces API interactions, allowing a malicious remote server with high privileges to modify the displayed status of local users. This affects organizations using the Connected Workspaces federation feature and requires an attacker to already possess high administrative privileges on a connected remote instance. …
