Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Network-accessible API (AV:N) requires manage_secure_connections permission (PR:L); C:H for auth token disclosure; no integrity or availability impact applies.
Primary rating from Vendor (Mattermost).
CVSS VectorVendor: Mattermost
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_secure_connections}} permission to obtain remote cluster authentication tokens via a PATCH request to the remote cluster endpoint.. Mattermost Advisory ID: MMSA-2026-00662
AnalysisAI
Remote cluster authentication token disclosure in Mattermost's Secure Connections feature allows authenticated users holding the manage_secure_connections permission to retrieve plaintext inter-cluster credentials via a crafted PATCH request. Affected deployments span versions 10.11.x through 10.11.15, 11.5.x through 11.5.4, and 11.6.x through 11.6.1, with a CVSS-rated High confidentiality impact (6.5). No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but successful exploitation could undermine the trust model of federated multi-cluster deployments.
Technical ContextAI
Mattermost's Secure Connections feature enables federated communication between distinct Mattermost server deployments via a Remote Cluster API. The PATCH endpoint at the remote cluster resource is intended for updating cluster configuration, but the server returns API responses without sanitizing or redacting the authentication tokens used to authorize inter-cluster communication - a textbook CWE-201 (Insertion of Sensitive Information Into Sent Data) flaw, where secrets that should remain server-side are inadvertently reflected in outbound responses. The affected CPE is cpe:2.3:a:mattermost:mattermost across all editions (Team, E0, Enterprise) within the vulnerable version ranges. The root cause is the absence of a response-scrubbing layer for sensitive fields on PATCH operations, which may have been present on read (GET) operations but not applied consistently to mutation-response payloads.
RemediationAI
The primary fix is to upgrade Mattermost to a release beyond the affected version boundaries: past 11.6.1 in the 11.6.x branch, past 11.5.4 in the 11.5.x branch, or past 10.11.15 in the 10.11.x branch. Exact patched version numbers are not independently confirmed beyond the advisory - consult https://mattermost.com/security-updates (MMSA-2026-00662) for the specific fixed releases before upgrading. As an immediate compensating control, audit and restrict the manage_secure_connections permission to only the minimum set of administrators who operationally require it; removing it from non-essential accounts eliminates the attack surface entirely. Any remote cluster authentication tokens in use on affected deployments should be rotated after patching, as tokens obtained prior to remediation remain valid until explicitly invalidated.
More in Mattermost
View allDenial of service in linkify-it (npm) through v5.0.0 lets remote unauthenticated attackers wedge a rendering worker by s
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large auto
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded w
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perf
Fleet is an open source osquery manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invit
Dex is a federated OpenID Connect provider written in Go. Rated critical severity (CVSS 9.6), this vulnerability is remo
Improper output escaping in NousResearch Hermes Agent versions up to 2026.4.16 allows remote unauthenticated attackers t
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, wh
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker posse
Privilege escalation in Mattermost server (11.6.x, 11.5.x, and 10.11.x branches) allows a low-privileged user holding gr
Authorization bypass in Mattermost Plugin Legal Hold versions <=1.1.4 allows authenticated attackers to manipulate legal
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36500
GHSA-9p44-r552-4wp9