Mattermost
Monthly
Arbitrary file write in Mattermost Plugins (versions ≤1.1.5) lets an administrator of a remote, federated Mattermost server plant files at attacker-chosen paths inside the target server's filestore by supplying a malicious, unsanitized filename through the shared-channel attachment sync protocol. The flaw stems from CWE-22 path traversal in the export-path construction logic and carries CVSS 8.0 with a changed scope, reflecting that a compromised or hostile federation peer can affect resources beyond the plugin's intended boundary. There is no public exploit identified at time of analysis, and CISA's SSVC framework records exploitation status as 'none' but technical impact as 'total'.
Improper output escaping in NousResearch Hermes Agent versions up to 2026.4.16 allows remote unauthenticated attackers to manipulate message formatting in Slack and Mattermost integrations, potentially leading to information disclosure and service disruption. The vulnerability is exploitable via crafted format_message arguments with low attack complexity and requires no user interaction. Public exploit code is available via GitHub Gist. The vendor did not respond to early disclosure attempts, and no patch availability is documented.
OAuth scope validation bypass in Mattermost's GitHub integration allows authenticated users to escalate repository access beyond what was originally authorized. By manipulating the scope parameter in the GitHub OAuth authorization URL before the callback is processed, a low-privileged Mattermost user can obtain a GitHub token with broader permissions - including access to private repositories - than the application intended to grant. The flaw affects versions across four active release branches (10.11.x through 11.6.x); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low complexity and authentication-only barrier make it a realistic insider or compromised-account risk.
Server crash via race condition in Mattermost's persistent notification and channel archival subsystem allows any low-privileged authenticated user to bring down the server with no user interaction required. Affected branches span 10.11.x through 11.6.x across multiple maintenance lines. No public exploit code has been identified at time of analysis and the vulnerability is absent from CISA KEV, but the low authentication bar combined with network accessibility and low attack complexity makes this a credible insider threat or targeted denial-of-service vector against any exposed Mattermost deployment.
File ownership and access control enforcement is absent in the Boards API across four release branches of Mattermost, allowing any authenticated user to access and download files belonging to other users or teams by submitting crafted API requests containing valid file IDs. Affected deployments span versions 10.11.x through 11.6.x per EUVD-2026-31429 and vendor advisory MMSA-2026-00620. CVSS scores this at 5.9 (Medium) reflecting high attack complexity due to the file ID prerequisite; no public exploit has been identified and the vulnerability is not listed in CISA KEV at time of analysis.
Authenticated denial-of-service in Mattermost's plugin subsystem allows a low-privileged user to crash the plugin process by sending a crafted HTTP request to the PR details API endpoint. Affecting four active release branches (10.11.x, 11.4.x, 11.5.x, 11.6.x), the flaw stems from missing input validation in API request handlers (CWE-1287). No public exploit code exists and the vulnerability is not listed in CISA KEV; however, the low authentication barrier (any valid account) combined with network accessibility makes it a realistic insider or post-compromise nuisance risk.
Team member role data leaks from Mattermost's API across multiple actively maintained release branches due to missing sanitization of response payloads for low-privilege callers. Any authenticated user - regardless of their team role - can invoke standard team API endpoints and receive unsanitized member objects that expose role designations such as admin or system_admin. The vulnerability spans 10.11.x through 11.6.x, has no public exploit code, and is not listed in CISA KEV, but the low attack complexity and broad version coverage make it a meaningful reconnaissance risk in enterprise or multi-tenant deployments.
Denial of service in Mattermost server (versions 11.6.0, 11.5.0-11.5.3, 11.4.0-11.4.4, and 10.11.0-10.11.14) allows remote attackers to crash the server process by sending a crafted msgpack-encoded binary WebSocket frame to the public endpoint. The flaw stems from missing validation of frame sizes before memory allocation, enabling a full service outage for all users. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects the unauthenticated network-reachable nature of the attack with high availability impact.
Denial of service in Mattermost's plugin HTTP endpoint layer allows an authenticated high-privilege attacker to exhaust server resources by sending crafted oversized HTTP request bodies. The flaw affects four concurrent release branches (10.11.x through 11.6.x); no EPSS score has been published and there is no confirmed active exploitation or public proof-of-concept at time of analysis. The CVSS score of 4.9 (Medium) accurately reflects the high-privilege prerequisite that meaningfully limits the realistic attacker population, though availability impact is rated High, meaning successful exploitation disrupts service availability entirely.
Uncontrolled memory allocation in Mattermost's TIFF image processing allows authenticated users to trigger server-side out-of-memory (OOM) conditions, effectively taking down the collaboration platform. Affected are all Mattermost deployments running versions 10.11.x through 11.6.0. Any account holding file upload or URL-posting permissions can exploit this remotely without elevated privileges, making it a realistic insider or compromised-account threat. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and broad authentication base increase practical risk.
SSRF protection bypass in NocoDB's notification webhook plugins (Slack, Discord, Mattermost, Teams) allows authenticated Editor-level users to issue outbound POST requests to arbitrary internal hosts, including cloud-metadata endpoints. The root cause is a misplaced axios argument: `httpAgent`/`httpsAgent` were serialized into the request body instead of being passed as axios connection config, rendering the `request-filtering-agent` SSRF guard entirely ineffective across all four plugins. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
SSO authentication callback origin validation failure in Mattermost Mobile Apps enables cross-server credential theft across multiple release branches (≤11.1.3, ≤11.3.2, ≤11.0.4, ≤10.11.11, ≤2.0.37). An attacker operating a malicious Mattermost server can relay the SSO authorization code exchange through a victim's mobile application to authenticate against a separate, legitimate Mattermost server - stealing valid session credentials without the victim's awareness. No public exploit has been identified at time of analysis, and CVSS AC:H constrains this to targeted, engineered attacks rather than opportunistic mass exploitation.
Privilege escalation via path traversal in Mattermost collaboration platform allows authenticated users to invoke arbitrary internal APIs using the system administrator's auth token by manipulating integration action URLs. Affected branches include 11.6.x, 11.5.x, 11.4.x, and 10.11.x, with no public exploit identified at time of analysis. CVSS 8.0 reflects high impact across confidentiality, integrity, and availability despite high attack complexity and required user interaction.
Incorrect authorization in Mattermost Playbooks (versions 11.5.0-11.5.1) allows any authenticated team member to create playbook runs in teams where they hold no run_create permission, by supplying an arbitrary team ID in the run creation API request. The server validates permissions only against the user's originating context rather than the target team specified in the payload, a classic authorization bypass rooted in CWE-863. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code is identified at time of analysis, but the low attack complexity makes this trivially exploitable by any authenticated insider or compromised account.
Mattermost Desktop App can be repeatedly crashed by malicious server administrators through JavaScript URL injection in pop-up windows. Attackers controlling a Mattermost server can force connected desktop clients to become unusable by exploiting improper URL validation, requiring user interaction (connecting to the malicious server). No public exploit code identified at time of analysis, though the attack method is trivial to implement given the disclosed details.
Mattermost Desktop App can be crashed remotely by malicious server administrators or plugin developers exploiting insufficient isolation of server-rendered content. Authenticated attackers with low-privilege server access who can control rendered content (via compromised server, malicious plugin, or modified server responses) can invoke window.close() to terminate the desktop client, causing a client-side denial of service. EPSS data not available; no public exploit code identified at time of analysis. CVSS 3.5 (Low severity) reflects limited impact scope - disruption to individual user sessions rather than system-wide compromise.
Server-Side Request Forgery in Mattermost 10.11.x through 11.5.1 allows authenticated attackers with slash command access to redirect custom slash command responses to attacker-controlled servers by manipulating the Host header. The vulnerability requires low-privileged authentication and high attack complexity (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N), resulting in a CVSS score of 3.5. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis. Vendor advisory available at mattermost.com/security-updates provides remediation guidance.
Password disclosure in Mattermost Server versions 11.5.0-11.5.1, 10.11.0-10.11.13, and 11.4.0-11.4.3 allows high-privilege administrators to view newly created user credentials, enabling impersonation attacks. The CVSS score of 6.5 reflects medium severity, requiring high-privilege access (PR:H) but offering network-based exploitation (AV:N) with low complexity (AC:L). While not currently listed in CISA KEV and no public exploit identified at time of analysis, the vendor-confirmed vulnerability (Mattermost Advisory MMSA-2026-00614) presents real risk in environments where privileged accounts are compromised or insider threats exist.
Mattermost versions up to 11.5.1 expose sensitive credentials in plaintext within support packets due to insufficient sanitization of configuration fields. System administrators or anyone with access to support packets can obtain database passwords, API keys, and other sensitive credentials by downloading support packets from the System Console. The vulnerability affects multiple version branches (10.11.x, 11.4.x, 11.5.x) and poses significant risk for credential theft and lateral movement.
Authenticated team members with 'Manage Own Slash Commands' permission can hijack existing slash commands in Mattermost 11.5.x through 11.5.1, 10.11.x through 10.11.13, and 11.4.x through 11.4.3 by editing their own command triggers to match already-registered system or custom commands. This privilege escalation flaw (CWE-863: Incorrect Authorization) enables command impersonation, allowing attackers to intercept and potentially manipulate user interactions with legitimate slash commands. With CVSS 4.3 (low-medium severity) and EPSS data unavailable, real-world risk depends heavily on organizational use of slash commands for sensitive operations. No public exploit identified at time of analysis, and the attack requires authenticated access with specific permissions, limiting immediate exposure compared to unauthenticated network vulnerabilities.
Unauthorized access to public playbooks in Mattermost 10.11.x through 11.5.x allows authenticated users without proper permissions to retrieve public playbooks via the /get endpoint. The vulnerability affects all versions from 10.11.0 through 10.11.13, 11.4.0 through 11.4.3, and 11.5.0 through 11.5.1 due to missing public/private permission validation. With CVSS 4.3 (Medium) and requiring authenticated access (PR:L), this represents a privilege escalation issue allowing disclosure of potentially sensitive playbook configurations, but is limited to low confidentiality impact without integrity or availability compromise. No active exploitation confirmed (not in CISA KEV) and EPSS data not provided.
Information disclosure in Mattermost Calls plugin versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 exposes TURN server credentials through support packets. Administrators with support packet access can extract plaintext credentials from exported plugin configurations, potentially compromising the WebRTC infrastructure used for voice/video calls. The vulnerability requires high privileges (admin) but affects confidentiality across trust boundaries (CVSS Scope:Changed).
Authenticated Mattermost users can read private channel threads and direct messages they lack access to by exploiting the AI post rewrite endpoint. Versions 11.5.0 and 11.5.1 fail to verify channel membership before processing AI-assisted message rewrites, enabling privilege escalation from low-privileged authenticated users to access confidential communications. CVSS 6.5 reflects network-accessible attack with low complexity requiring only basic authentication. EPSS data not available; no public exploit or KEV listing identified at time of analysis.
{option}` or `/gitlab webhook {option}`, resulting in availability impact (A:H) to the Gitlab plugin infrastructure. CVSS 6.5 reflects moderate risk, with EPSS data and active exploitation status not available at time of analysis.
Authorization bypass in Mattermost 10.11.x through 10.11.13 and 11.5.x through 11.5.1 allows authenticated users with 'Manage Playbook Configurations' permission to reassign playbooks to arbitrary teams via PUT API, circumventing team membership restrictions. This access control flaw enables lateral privilege escalation across team boundaries without proper authorization checks. EPSS exploitation probability data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis.
Authenticated Mattermost channel members can forcibly reveal burn-on-read messages without recipient consent by exploiting missing X-Requested-With header validation on the reveal endpoint through crafted Markdown image tags. This bypasses the intended ephemeral messaging security control in Mattermost versions 11.4.x through 11.4.3 and 11.5.x through 11.5.1. The CVSS vector indicates network-accessible exploitation by low-privileged authenticated users with low attack complexity. Exploitation status: no public exploit identified at time of analysis. EPSS data not provided.
Memory exhaustion denial of service in Mattermost Server versions 11.5.x through 11.5.1, 10.11.x through 10.11.13, and 11.4.x through 11.4.3 allows authenticated attackers to crash the server by uploading maliciously crafted 7zip archives containing excessive folder declarations. The vulnerability stems from insufficient validation of 7zip archive structure before decompression, enabling resource exhaustion attacks with low attack complexity. EPSS data not available, not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis.
Mattermost Plugins through version 11.5 allow authenticated users to bypass group-level access controls and create issues or attach comments to locked groups they should not access. Attackers holding membership in multiple groups can exploit missing API-level authorization checks via direct API requests to write data into restricted groups, violating intended access boundaries. EPSS risk data not available; CVSS 4.3 reflects low-privilege authenticated network attack with low complexity. No active exploitation confirmed by CISA KEV at time of analysis, though vendor advisory (MMSA-2026-00602) confirms the vulnerability.
Authorization bypass in Mattermost Plugins allows authenticated users to subscribe to unauthorized notification groups by exploiting prefix-matching namespace validation. Affected versions (≤11.5, 11.1.5, 10.13.11, 11.3.4.0) fail to enforce group whitelisting, enabling low-privileged plugin users to create groups sharing prefixes with authorized groups and thereby receive notifications or access information from out-of-scope channels. EPSS data unavailable; not listed in CISA KEV; CVSS 4.3 reflects low-privilege network exploitation with limited integrity impact but no confidentiality or availability compromise.
Cross-site scripting (XSS) in Mattermost Server 10.11.0-10.11.13 and 11.5.0-11.5.1 enables authenticated administrators to inject JavaScript code through unescaped variables in error page templates. Exploitation requires high-privilege (PR:H) administrative access to site configuration settings, limiting real-world risk despite network-based attack vector (AV:N). No active exploitation confirmed (not in CISA KEV). EPSS data not available for recent CVE. This is a stored XSS vulnerability affecting administrative workflows rather than end users.
Authenticated attackers can bypass token rotation in Mattermost's remote cluster invite confirmation process by reusing original invite tokens. The flaw affects Mattermost Server versions 11.5.x through 11.5.1 and 10.11.x through 10.11.13, allowing token reuse despite intended security controls. While rated low severity (CVSS 3.7), this represents an authentication bypass vulnerability (CWE-863) that undermines session management security. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Privilege escalation in Mattermost Server allows authenticated users with revoked channel posting permissions to continue modifying their existing posts. Affected versions include 11.5.0-11.5.1, 10.11.0-10.11.13, and 11.4.0-11.4.3. Attackers bypass authorization controls by sending direct API requests to post update and patch endpoints, circumventing permission checks that should prevent post edits after privileges are revoked. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. CVSS 4.3 (Medium) reflects low integrity impact limited to existing content modification.
Resource exhaustion in Mattermost Server 10.11.x through 11.5.1 allows authenticated users to trigger denial of service by sending oversized HTTP POST requests to the /api/v1/meetings endpoint. The vulnerability affects three active release branches with no request size validation on the meeting start API. EPSS data not available; no confirmed active exploitation (not in CISA KEV); authentication requirement (PR:L) reduces immediate exposure to internal or compromised users. Vendor advisory MMSA-2026-00608 confirms the issue.
Authorization bypass in Mattermost shared channel synchronization allows authenticated remote cluster administrators to remove arbitrary users from any channel, including private channels outside the attacker's authorization scope. Affects versions 11.5.x through 11.5.1, 10.11.x through 10.11.13, and 11.4.x through 11.4.3. CVSS 4.3 reflects the low-privilege requirement (authenticated remote cluster) and limited impact scope (integrity only, no data exposure), though cross-tenant authorization violations in collaboration platforms warrant attention. EPSS data unavailable; no public exploit identified at time of analysis; not listed in CISA KEV.
OAuth authorization code interception in Mattermost 10.11.x through 10.11.13 and 11.5.x through 11.5.1 allows authenticated OAuth clients to redeem authorization codes issued to different clients. An attacker controlling a malicious OAuth application can intercept and exchange authorization codes meant for legitimate applications, potentially gaining unauthorized access to user data or sessions. CVSS score of 3.1 reflects high attack complexity and required privileges, with EPSS data not provided. Vendor patch released per Mattermost advisory MMSA-2026-00570.
Authenticated users in Mattermost 11.5.x through 11.5.1 and 10.11.x through 10.11.13 can modify post attachments, properties, and pin status beyond the configured edit time window. The vulnerability bypasses the PostEditTimeLimit control via patch and update API endpoints, allowing indefinite modification of non-message post metadata after the intended edit window expires. CVSS 3.1 (Low) reflects network vector with high complexity and low-privilege requirements, while no public exploit or CISA KEV listing exists at time of analysis.
Client-side denial-of-service in Mattermost allows remote attackers to crash user browsers via maliciously crafted SVG files embedded in OpenGraph metadata or Markdown images. The vulnerability affects Mattermost Server versions 11.5.0-11.5.1, 10.11.0-10.11.13, and 11.4.0-11.4.3, where the server fails to validate proxied image response bodies. Attackers exploit this by serving SVG files with misleading Content-Type headers (e.g., image/png) that bypass validation, causing resource exhaustion when rendered in victim browsers. CVSS rates this 4.3 (Medium) with network attack vector requiring user interaction, while EPSS data is not available. No evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis.
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors, enabling local attackers with workspace access to redirect runtime traffic to malicious endpoints. The vulnerability requires local access and user interaction but allows high confidentiality impact through traffic interception. No active exploitation has been identified, but a vendor-released patch is available.
Mattermost versions 11.2.x through 11.2.2, 10.11.x through 10.11.10, 11.4.0, and 11.3.x through 11.3.1 fail to properly restrict team-level access during remote cluster membership synchronization, allowing a malicious remote cluster to grant users access to entire private teams rather than limiting access to only shared channels. An authenticated attacker controlling a federated remote cluster can send crafted membership sync messages to trigger unintended team membership assignment, resulting in unauthorized access to private team resources. The EPSS score of 0.03% (percentile 7%) indicates low real-world exploitation probability, and no public exploit code has been identified at time of analysis.
Mattermost 10.11.x through 10.11.10 fails to clear cached permalink preview data when a user's channel access is revoked, allowing authenticated users to view private channel content through previously cached previews until the cache expires or they re-login. An authenticated attacker who previously had access to a private channel can exploit this to maintain visibility into sensitive channel communications after access removal. A patch is not currently available for this medium-severity vulnerability.
Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier contain an array length handling vulnerability in the calls plugin that allows unauthenticated remote attackers to trigger out-of-memory (OOM) errors and crash the server by sending maliciously crafted msgpack frames over websocket connections. With a CVSS score of 5.8 and network-based attack vector requiring no privileges or user interaction, this denial-of-service vulnerability poses a moderate but easily exploitable availability risk to any exposed Mattermost deployment.
Mattermost versions 11.3.0 and 11.2.2 and earlier fail to properly validate the run_create permission when a playbook ID is empty, allowing authenticated team members to create unauthorized playbook runs through the API. This permission bypass could enable attackers with valid credentials to perform actions they should not be permitted to execute within the platform.
Mattermost versions 11.3.0, 11.2.2, and 10.11.10 and earlier lack proper memory bounds checking when processing DOC file uploads, enabling authenticated attackers to trigger server memory exhaustion and denial of service. An attacker with valid credentials can upload a specially crafted DOC file to exhaust available memory and crash the Mattermost server. This vulnerability currently lacks a patch and affects multiple active versions of the platform.
This vulnerability in Mattermost allows guest users to bypass team-specific file upload permissions through a cross-team file metadata reuse attack. Affected versions include Mattermost 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. An authenticated guest user can upload a file in a team where they have upload_file permission, then reuse that file's metadata in POST requests to channels in different teams where they lack upload permission, resulting in unauthorized file posting with potential integrity impact.
Mattermost fails to properly validate User-Agent header tokens in versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier, allowing authenticated attackers to trigger request panics through specially crafted User-Agent headers. This denial-of-service vulnerability affects availability but requires prior authentication and results in only low-severity impact. While the CVSS score of 4.3 reflects the low severity, the practical risk depends on whether the application is exposed to untrusted authenticated users and whether automatic exploitation tools are readily available.
Mattermost 10.11.x through 11.3.x fails to validate password length, allowing unauthenticated attackers to trigger denial of service by submitting multi-megabyte passwords during login attempts that consume excessive CPU and memory resources. The vulnerability affects all versions up to 10.11.10, 11.2.2, and 11.3.0, with no patch currently available.
This vulnerability in Mattermost allows unauthenticated attackers to achieve remote code execution and exfiltrate sensitive credentials through malicious plugin installation on CI test instances that retain default admin credentials. Affected versions include Mattermost 10.11.x through 10.11.10, 11.2.x through 11.2.2, and 11.3.0, with the core issue stemming from insufficient access controls on plugin installation combined with default credential exposure. An attacker can upload a malicious plugin after modifying the import directory to gain full system compromise and access AWS and SMTP credentials stored in configuration files.
Mattermost versions 11.3.x up to and including 11.3.0 contain an information disclosure vulnerability where burn-on-read posts fail to maintain their redacted state when deleted, allowing authenticated channel members to view previously hidden message contents through WebSocket post deletion events. The vulnerability requires low-privilege authenticated access and results in confidentiality loss of sensitive communications that were intentionally designed to be self-destructing. With a CVSS score of 4.3 and network-based attack vector, this represents a meaningful but contained risk primarily affecting organizations relying on Mattermost's burn-on-read feature for secure internal communications.
Mattermost fails to properly bound memory allocation when processing PSD (Photoshop) image files, allowing authenticated attackers to exhaust server memory and trigger denial of service by uploading a specially crafted PSD file. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. With a CVSS score of 4.3 and a low attack complexity requirement, this represents a moderate but exploitable risk for organizations running affected versions where user file upload is permitted.
This vulnerability is an improper access control flaw in Mattermost's channel search functionality that allows removed team members to enumerate all public channels within private teams. Affected versions include Mattermost 11.3.x through 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10. An authenticated attacker who has been removed from a team can query the channel search API endpoint to discover the complete list of public channels in that private team, resulting in information disclosure without requiring elevated privileges.
Mattermost fails to properly sanitize client-supplied post metadata in its post update API endpoint, allowing authenticated attackers to spoof permalink embeds and impersonate other users through crafted PUT requests. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. While the CVSS score of 4.3 is moderate and requires authentication, the integrity impact allows attackers to deceive users by falsely attributing messages to legitimate users, potentially facilitating social engineering or misinformation campaigns within Mattermost instances.
Mattermost fails to properly validate user permissions when filtering invite IDs during team creation, allowing authenticated users to bypass access controls and register unauthorized accounts using leaked or discovered invite tokens. Affected versions include Mattermost 11.3.0 and earlier in the 11.3.x branch, 11.2.2 and earlier in the 11.2.x branch, and 10.11.10 and earlier in the 10.11.x branch. An authenticated attacker with knowledge of valid invite IDs can circumvent intended access restrictions to create accounts that should be restricted, resulting in unauthorized account registration and potential lateral movement within the Mattermost instance.
Mattermost fails to enforce response size limits on integration action endpoints, allowing an authenticated attacker to trigger server memory exhaustion and denial of service by clicking an interactive message button that connects to a malicious integration server returning arbitrarily large responses. This vulnerability affects Mattermost versions 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. While the CVSS score of 5.3 is moderate, the attack requires user interaction (UI:R) and network access, but can be reliably triggered by any authenticated user interacting with crafted messages.
File ownership and access control enforcement is absent in the Boards API across four release branches of Mattermost, allowing any authenticated user to access and download files belonging to other users or teams by submitting crafted API requests containing valid file IDs. Affected deployments span versions 10.11.x through 11.6.x per EUVD-2026-31429 and vendor advisory MMSA-2026-00620. CVSS scores this at 5.9 (Medium) reflecting high attack complexity due to the file ID prerequisite; no public exploit has been identified and the vulnerability is not listed in CISA KEV at time of analysis.
Authenticated denial-of-service in Mattermost's plugin subsystem allows a low-privileged user to crash the plugin process by sending a crafted HTTP request to the PR details API endpoint. Affected across four active release branches (10.11.x, 11.4.x, 11.5.x, 11.6.x), the flaw stems from missing input validation in API request handlers (CWE-1287). No public exploit code exists and the vulnerability is not listed in CISA KEV; however, the low authentication barrier (any valid account) combined with network accessibility makes it a realistic insider or post-compromise nuisance risk.
Team member role data leaks from Mattermost's API across multiple actively maintained release branches due to missing sanitization of response payloads for low-privilege callers. Any authenticated user - regardless of their team role - can invoke standard team API endpoints and receive unsanitized member objects that expose role designations such as admin or system_admin. The vulnerability spans 10.11.x through 11.6.x, has no public exploit code, and is not listed in CISA KEV, but the low attack complexity and broad version coverage make it a meaningful reconnaissance risk in enterprise or multi-tenant deployments.
Denial of service in Mattermost server (versions 11.6.0, 11.5.0-11.5.3, 11.4.0-11.4.4, and 10.11.0-10.11.14) allows remote attackers to crash the server process by sending a crafted msgpack-encoded binary WebSocket frame to the public endpoint. The flaw stems from missing validation of frame sizes before memory allocation, enabling a full service outage for all users. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects the unauthenticated network-reachable nature of the attack with high availability impact.
Denial of service in Mattermost's plugin HTTP endpoint layer allows an authenticated high-privilege attacker to exhaust server resources by sending crafted oversized HTTP request bodies. It affects four concurrent release branches - 10.11.x through 11.6.x - with no published EPSS score and no confirmed active exploitation or public proof-of-concept at time of analysis. The CVSS score of 4.9 (Medium) accurately reflects the high-privilege prerequisite that meaningfully limits the realistic attacker population, though availability impact is rated High, meaning successful exploitation disrupts service availability entirely.
Uncontrolled memory allocation in Mattermost's TIFF image processing allows authenticated users to trigger server-side out-of-memory (OOM) conditions, effectively taking down the collaboration platform. Affected are all Mattermost deployments running versions 10.11.x through 11.6.0. Any account holding file upload or URL-posting permissions can exploit this remotely without elevated privileges, making it a realistic insider or compromised-account threat. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and broad authentication base increase practical risk.
SSRF protection bypass in NocoDB's notification webhook plugins (Slack, Discord, Mattermost, Teams) allows authenticated Editor-level users to issue outbound POST requests to arbitrary internal hosts, including cloud-metadata endpoints. The root cause is a misplaced axios argument: `httpAgent`/`httpsAgent` were serialized into the request body instead of being passed as axios connection config, rendering the `request-filtering-agent` SSRF guard entirely ineffective across all four plugins. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
SSO authentication callback origin validation failure in Mattermost Mobile Apps enables cross-server credential theft across multiple release branches (≤11.1.3, ≤11.3.2, ≤11.0.4, ≤10.11.11, ≤2.0.37). An attacker operating a malicious Mattermost server can relay the SSO authorization code exchange through a victim's mobile application to authenticate against a separate, legitimate Mattermost server - stealing valid session credentials without the victim's awareness. No public exploit has been identified at time of analysis, and CVSS AC:H constrains this to targeted, engineered attacks rather than opportunistic mass exploitation.
Privilege escalation via path traversal in Mattermost collaboration platform allows authenticated users to invoke arbitrary internal APIs using the system administrator's auth token by manipulating integration action URLs. Affected branches include 11.6.x, 11.5.x, 11.4.x, and 10.11.x, with no public exploit identified at time of analysis. CVSS 8.0 reflects high impact across confidentiality, integrity, and availability despite high attack complexity and required user interaction.
Incorrect authorization in Mattermost Playbooks (versions 11.5.0-11.5.1) allows any authenticated team member to create playbook runs in teams where they hold no run_create permission, by supplying an arbitrary team ID in the run creation API request. The server validates permissions only against the user's originating context rather than the target team specified in the payload, a classic authorization bypass rooted in CWE-863. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code is identified at time of analysis, but the low attack complexity makes this trivially exploitable by any authenticated insider or compromised account.
Mattermost Desktop App can be repeatedly crashed by malicious server administrators through JavaScript URL injection in pop-up windows. Attackers controlling a Mattermost server can force connected desktop clients to become unusable by exploiting improper URL validation, requiring user interaction (connecting to the malicious server). No public exploit code identified at time of analysis, though the attack method is trivial to implement given the disclosed details.
Mattermost Desktop App can be crashed remotely by malicious server administrators or plugin developers exploiting insufficient isolation of server-rendered content. Authenticated attackers with low-privilege server access who can control rendered content (via compromised server, malicious plugin, or modified server responses) can invoke window.close() to terminate the desktop client, causing a client-side denial of service. EPSS data not available; no public exploit code identified at time of analysis. CVSS 3.5 (Low severity) reflects limited impact scope - disruption to individual user sessions rather than system-wide compromise.
Server-Side Request Forgery in Mattermost 10.11.x through 11.5.1 allows authenticated attackers with slash command access to redirect custom slash command responses to attacker-controlled servers by manipulating the Host header. The vulnerability requires low-privileged authentication and high attack complexity (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N), resulting in a CVSS score of 3.5. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis. Vendor advisory available at mattermost.com/security-updates provides remediation guidance.
Password disclosure in Mattermost Server versions 11.5.0-11.5.1, 10.11.0-10.11.13, and 11.4.0-11.4.3 allows high-privilege administrators to view newly created user credentials, enabling impersonation attacks. The CVSS score of 6.5 reflects medium severity, requiring high-privilege access (PR:H) but offering network-based exploitation (AV:N) with low complexity (AC:L). While not currently listed in CISA KEV and no public exploit identified at time of analysis, the vendor-confirmed vulnerability (Mattermost Advisory MMSA-2026-00614) presents real risk in environments where privileged accounts are compromised or insider threats exist.
Mattermost versions up to 11.5.1 expose sensitive credentials in plaintext within support packets due to insufficient sanitization of configuration fields. System administrators or anyone with access to support packets can obtain database passwords, API keys, and other sensitive credentials by downloading support packets from the System Console. The vulnerability affects multiple version branches (10.11.x, 11.4.x, 11.5.x) and poses significant risk for credential theft and lateral movement.
Authenticated team members with 'Manage Own Slash Commands' permission can hijack existing slash commands in Mattermost 11.5.x through 11.5.1, 10.11.x through 10.11.13, and 11.4.x through 11.4.3 by editing their own command triggers to match already-registered system or custom commands. This privilege escalation flaw (CWE-863: Incorrect Authorization) enables command impersonation, allowing attackers to intercept and potentially manipulate user interactions with legitimate slash commands. With CVSS 4.3 (low-medium severity) and EPSS data unavailable, real-world risk depends heavily on organizational use of slash commands for sensitive operations. No public exploit identified at time of analysis, and the attack requires authenticated access with specific permissions, limiting immediate exposure compared to unauthenticated network vulnerabilities.
Unauthorized access to public playbooks in Mattermost 10.11.x through 11.5.x allows authenticated users without proper permissions to retrieve public playbooks via the /get endpoint. The vulnerability affects all versions from 10.11.0 through 10.11.13, 11.4.0 through 11.4.3, and 11.5.0 through 11.5.1 due to missing public/private permission validation. With CVSS 4.3 (Medium) and requiring authenticated access (PR:L), this represents a privilege escalation issue allowing disclosure of potentially sensitive playbook configurations, but is limited to low confidentiality impact without integrity or availability compromise. No active exploitation confirmed (not in CISA KEV) and EPSS data not provided.
Information disclosure in Mattermost Calls plugin versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 exposes TURN server credentials through support packets. Administrators with support packet access can extract plaintext credentials from exported plugin configurations, potentially compromising the WebRTC infrastructure used for voice/video calls. The vulnerability requires high privileges (admin) but affects confidentiality across trust boundaries (CVSS Scope:Changed).
Authenticated Mattermost users can read private channel threads and direct messages they lack access to by exploiting the AI post rewrite endpoint. Versions 11.5.0 and 11.5.1 fail to verify channel membership before processing AI-assisted message rewrites, enabling privilege escalation from low-privileged authenticated users to access confidential communications. CVSS 6.5 reflects network-accessible attack with low complexity requiring only basic authentication. EPSS data not available; no public exploit or KEV listing identified at time of analysis.
{option}` or `/gitlab webhook {option}`, resulting in availability impact (A:H) to the Gitlab plugin infrastructure. CVSS 6.5 reflects moderate risk, with EPSS data and active exploitation status not available at time of analysis.
Authorization bypass in Mattermost 10.11.x through 10.11.13 and 11.5.x through 11.5.1 allows authenticated users with 'Manage Playbook Configurations' permission to reassign playbooks to arbitrary teams via PUT API, circumventing team membership restrictions. This access control flaw enables lateral privilege escalation across team boundaries without proper authorization checks. EPSS exploitation probability data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis.
Authenticated Mattermost channel members can forcibly reveal burn-on-read messages without recipient consent by exploiting missing X-Requested-With header validation on the reveal endpoint through crafted Markdown image tags. This bypasses the intended ephemeral messaging security control in Mattermost versions 11.4.x through 11.4.3 and 11.5.x through 11.5.1. The CVSS vector indicates network-accessible exploitation by low-privileged authenticated users with low attack complexity. Exploitation status: no public exploit identified at time of analysis. EPSS data not provided.
Memory exhaustion denial of service in Mattermost Server versions 11.5.x through 11.5.1, 10.11.x through 10.11.13, and 11.4.x through 11.4.3 allows authenticated attackers to crash the server by uploading maliciously crafted 7zip archives containing excessive folder declarations. The vulnerability stems from insufficient validation of 7zip archive structure before decompression, enabling resource exhaustion attacks with low attack complexity. EPSS data is not available and the vulnerability is not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis.
Mattermost Plugins through version 11.5 allow authenticated users to bypass group-level access controls and create issues or attach comments to locked groups they should not access. Attackers holding membership in multiple groups can exploit missing API-level authorization checks via direct API requests to write data into restricted groups, violating intended access boundaries. EPSS risk data not available; CVSS 4.3 reflects low-privilege authenticated network attack with low complexity. No active exploitation confirmed by CISA KEV at time of analysis, though vendor advisory (MMSA-2026-00602) confirms the vulnerability.
Authorization bypass in Mattermost Plugins allows authenticated users to subscribe to unauthorized notification groups by exploiting prefix-matching namespace validation. Affected versions (≤11.5, 11.1.5, 10.13.11, 11.3.4.0) fail to enforce group whitelisting, enabling low-privileged plugin users to create groups sharing prefixes with authorized groups and thereby receive notifications or access information from out-of-scope channels. EPSS data unavailable; not listed in CISA KEV; CVSS 4.3 reflects low-privilege network exploitation with limited integrity impact but no confidentiality or availability compromise.
Cross-site scripting (XSS) in Mattermost Server 10.11.0-10.11.13 and 11.5.0-11.5.1 enables authenticated administrators to inject JavaScript code through unescaped variables in error page templates. Exploitation requires high-privilege (PR:H) administrative access to site configuration settings, limiting real-world risk despite network-based attack vector (AV:N). No active exploitation confirmed (not in CISA KEV). EPSS data not available for recent CVE. This is a stored XSS vulnerability affecting administrative workflows rather than end users.
Authenticated attackers can bypass token rotation in Mattermost's remote cluster invite confirmation process by reusing original invite tokens. The flaw affects Mattermost Server versions 11.5.x through 11.5.1 and 10.11.x through 10.11.13, allowing token reuse despite intended security controls. While rated low severity (CVSS 3.7), this represents an authentication bypass vulnerability (CWE-863) that undermines session management security. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Privilege escalation in Mattermost Server allows authenticated users with revoked channel posting permissions to continue modifying their existing posts. Affected versions include 11.5.0-11.5.1, 10.11.0-10.11.13, and 11.4.0-11.4.3. Attackers bypass authorization controls by sending direct API requests to post update and patch endpoints, circumventing permission checks that should prevent post edits after privileges are revoked. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. CVSS 4.3 (Medium) reflects low integrity impact limited to existing content modification.
Resource exhaustion in Mattermost Server 10.11.x through 11.5.1 allows authenticated users to trigger denial of service by sending oversized HTTP POST requests to the /api/v1/meetings endpoint. The vulnerability affects three active release branches with no request size validation on the meeting start API. EPSS data not available; no confirmed active exploitation (not in CISA KEV); authentication requirement (PR:L) reduces immediate exposure to internal or compromised users. Vendor advisory MMSA-2026-00608 confirms the issue.
Authorization bypass in Mattermost shared channel synchronization allows authenticated remote cluster administrators to remove arbitrary users from any channel, including private channels outside the attacker's authorization scope. Affects versions 11.5.x through 11.5.1, 10.11.x through 10.11.13, and 11.4.x through 11.4.3. CVSS 4.3 reflects the low-privilege requirement (authenticated remote cluster) and limited impact scope (integrity only, no data exposure), though cross-tenant authorization violations in collaboration platforms warrant attention. EPSS data unavailable; no public exploit identified at time of analysis; not listed in CISA KEV.
OAuth authorization code interception in Mattermost 10.11.x through 10.11.13 and 11.5.x through 11.5.1 allows authenticated OAuth clients to redeem authorization codes issued to different clients. An attacker controlling a malicious OAuth application can intercept and exchange authorization codes meant for legitimate applications, potentially gaining unauthorized access to user data or sessions. CVSS score of 3.1 reflects high attack complexity and required privileges, with EPSS data not provided. Vendor patch released per Mattermost advisory MMSA-2026-00570.
Authenticated users in Mattermost 11.5.x through 11.5.1 and 10.11.x through 10.11.13 can modify post attachments, properties, and pin status beyond the configured edit time window. The vulnerability bypasses the PostEditTimeLimit control via patch and update API endpoints, allowing indefinite modification of non-message post metadata after the intended edit window expires. CVSS 3.1 (Low) reflects network vector with high complexity and low-privilege requirements, while no public exploit or CISA KEV listing exists at time of analysis.
Client-side denial-of-service in Mattermost allows remote attackers to crash user browsers via maliciously crafted SVG files embedded in OpenGraph metadata or Markdown images. The vulnerability affects Mattermost Server versions 11.5.0-11.5.1, 10.11.0-10.11.13, and 11.4.0-11.4.3, where the server fails to validate proxied image response bodies. Attackers exploit this by serving SVG files with misleading Content-Type headers (e.g., image/png) that bypass validation, causing resource exhaustion when rendered in victim browsers. CVSS rates this 4.3 (Medium) with network attack vector requiring user interaction, while EPSS data is not available. No evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis.
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors, enabling local attackers with workspace access to redirect runtime traffic to malicious endpoints. The vulnerability requires local access and user interaction but allows high confidentiality impact through traffic interception. No active exploitation has been identified, but a vendor-released patch is available.
Mattermost versions 11.2.x through 11.2.2, 10.11.x through 10.11.10, 11.4.0, and 11.3.x through 11.3.1 fail to properly restrict team-level access during remote cluster membership synchronization, allowing a malicious remote cluster to grant users access to entire private teams rather than limiting access to only shared channels. An authenticated attacker controlling a federated remote cluster can send crafted membership sync messages to trigger unintended team membership assignment, resulting in unauthorized access to private team resources. The EPSS score of 0.03% (percentile 7%) indicates low real-world exploitation probability, and no public exploit code has been identified at time of analysis.
Mattermost 10.11.x through 10.11.10 fails to clear cached permalink preview data when a user's channel access is revoked, allowing authenticated users to view private channel content through previously cached previews until the cache expires or they re-login. An authenticated attacker who previously had access to a private channel can exploit this to maintain visibility into sensitive channel communications after access removal. A patch is not currently available for this medium-severity vulnerability.
Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier contain an array length handling vulnerability in the calls plugin that allows unauthenticated remote attackers to trigger out-of-memory (OOM) errors and crash the server by sending maliciously crafted msgpack frames over websocket connections. With a CVSS score of 5.8 and network-based attack vector requiring no privileges or user interaction, this denial-of-service vulnerability poses a moderate but easily exploitable availability risk to any exposed Mattermost deployment.
Mattermost versions 11.3.0 and 11.2.2 and earlier fail to properly validate the run_create permission when a playbook ID is empty, allowing authenticated team members to create unauthorized playbook runs through the API. This permission bypass could enable attackers with valid credentials to perform actions they should not be permitted to execute within the platform.
Mattermost versions 11.3.0, 11.2.2, and 10.11.10 and earlier lack proper memory bounds checking when processing DOC file uploads, enabling authenticated attackers to trigger server memory exhaustion and denial of service. An attacker with valid credentials can upload a specially crafted DOC file to exhaust available memory and crash the Mattermost server. This vulnerability currently lacks a patch and affects multiple active versions of the platform.
This vulnerability in Mattermost allows guest users to bypass team-specific file upload permissions through a cross-team file metadata reuse attack. Affected versions include Mattermost 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. An authenticated guest user can upload a file in a team where they have upload_file permission, then reuse that file's metadata in POST requests to channels in different teams where they lack upload permission, resulting in unauthorized file posting with potential integrity impact.
Mattermost fails to properly validate User-Agent header tokens in versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier, allowing authenticated attackers to trigger request panics through specially crafted User-Agent headers. This denial-of-service vulnerability affects availability but requires prior authentication and results in only low-severity impact. While the CVSS score of 4.3 reflects the low severity, the practical risk depends on whether the application is exposed to untrusted authenticated users and whether automatic exploitation tools are readily available.
Mattermost 10.11.x through 11.3.x fails to validate password length, allowing unauthenticated attackers to trigger denial of service by submitting multi-megabyte passwords during login attempts that consume excessive CPU and memory resources. The vulnerability affects all versions up to 10.11.10, 11.2.2, and 11.3.0, with no patch currently available.
This vulnerability in Mattermost allows unauthenticated attackers to achieve remote code execution and exfiltrate sensitive credentials through malicious plugin installation on CI test instances that retain default admin credentials. Affected versions include Mattermost 10.11.x through 10.11.10, 11.2.x through 11.2.2, and 11.3.0, with the core issue stemming from insufficient access controls on plugin installation combined with default credential exposure. An attacker can upload a malicious plugin after modifying the import directory to gain full system compromise and access AWS and SMTP credentials stored in configuration files.
Mattermost versions 11.3.x up to and including 11.3.0 contain an information disclosure vulnerability where burn-on-read posts fail to maintain their redacted state when deleted, allowing authenticated channel members to view previously hidden message contents through WebSocket post deletion events. The vulnerability requires low-privilege authenticated access and results in confidentiality loss of sensitive communications that were intentionally designed to be self-destructing. With a CVSS score of 4.3 and network-based attack vector, this represents a meaningful but contained risk primarily affecting organizations relying on Mattermost's burn-on-read feature for secure internal communications.
Mattermost fails to properly bound memory allocation when processing PSD (Photoshop) image files, allowing authenticated attackers to exhaust server memory and trigger denial of service by uploading a specially crafted PSD file. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. With a CVSS score of 4.3 and a low attack complexity requirement, this represents a moderate but exploitable risk for organizations running affected versions where user file upload is permitted.
This vulnerability is an improper access control flaw in Mattermost's channel search functionality that allows removed team members to enumerate all public channels within private teams. Affected versions include Mattermost 11.3.x through 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10. An authenticated attacker who has been removed from a team can query the channel search API endpoint to discover the complete list of public channels in that private team, resulting in information disclosure without requiring elevated privileges.
Mattermost fails to properly sanitize client-supplied post metadata in its post update API endpoint, allowing authenticated attackers to spoof permalink embeds and impersonate other users through crafted PUT requests. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. While the CVSS score of 4.3 is moderate and requires authentication, the integrity impact allows attackers to deceive users by falsely attributing messages to legitimate users, potentially facilitating social engineering or misinformation campaigns within Mattermost instances.