Is Mattermost affected by EUVD-2026-12413?

CVE-2026-2462 presents notable security risk, a incorrect authorization vulnerability rated CVSS 6.6. Attackers could gain access beyond their authorized level. Organizations should apply vendor updates when available and monitor for exploitation.

EUVD-2026-12413

Q: How to fix EUVD-2026-12413?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

| CVE-2026-2462 MEDIUM

2026-03-16 Mattermost

6.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 13:00 euvd

EUVD-2026-12413

Analysis Generated

Mar 16, 2026 - 13:00 vuln.today

CVE Published

Mar 16, 2026 - 12:00 nvd

MEDIUM 6.6

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and SMTP credentials via uploading a malicious plugin after changing the import directory. Mattermost Advisory ID: MMSA-2025-00528

Analysis

This vulnerability in Mattermost allows unauthenticated attackers to achieve remote code execution and exfiltrate sensitive credentials through malicious plugin installation on CI test instances that retain default admin credentials. Affected versions include Mattermost 10.11.x through 10.11.10, 11.2.x through 11.2.2, and 11.3.0, with the core issue stemming from insufficient access controls on plugin installation combined with default credential exposure. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +33

POC: 0

EUVD-2026-12413 vulnerability details – vuln.today

Back

EUVD-2026-12413

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-12413

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code