EUVD-2026-16238
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
4Tags
Description
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost Advisory ID: MMSA-2025-00562
Analysis
Mattermost Advanced Logging configuration fails to properly validate file target paths, allowing authenticated system administrators to read arbitrary files from the host system during support packet generation. The vulnerability affects Mattermost versions 11.4.0 and earlier in the 11.4.x line, 11.3.1 and earlier in the 11.3.x line, 11.2.3 and earlier in the 11.2.x line, and 10.11.11 and earlier in the 10.11.x line. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review file handling controls.
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Debian
Bug #823556| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| open | - | - |
Share
External POC / Exploit Code
Leaving vuln.today