Skip to main content

Mattermost Desktop

16 CVEs product

Monthly

CVE-2026-1628 MEDIUM This Month

Mattermost Desktop is affected by inclusion of functionality from untrusted control sphere (CVSS 4.6).

RCE Mattermost Desktop
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-1046 HIGH This Week

Arbitrary code execution in Mattermost Desktop App through version 6.2.0 results from insufficient validation of help menu links, enabling a malicious server administrator to execute arbitrary executables on affected users' systems when they click specially crafted help items. This vulnerability affects multiple versions including 5.2.13.0 and 6.0, requiring user interaction and authenticated server access to exploit. No patch is currently available for this HIGH severity vulnerability.

Information Disclosure Mattermost Desktop
NVD VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-1398 npm LOW PATCH Monitor

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mattermost Desktop macOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-45835 npm MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Google Mattermost Desktop
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-39772 npm MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Desktop
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-39613 npm HIGH PATCH This Week

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Mattermost Mattermost Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-37182 npm MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36287 npm LOW PATCH Monitor

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Mattermost Mattermost Desktop
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-5920 LOW Monitor

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Mattermost Information Disclosure Apple Mattermost Desktop
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-5876 MEDIUM This Month

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Mattermost Denial Of Service Mattermost Desktop
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5875 MEDIUM This Month

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-5339 MEDIUM This Month

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-2000 MEDIUM This Month

Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Open Redirect Mattermost Desktop
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-14456 HIGH This Week

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-14455 MEDIUM This Month

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Desktop
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-14454 MEDIUM This Month

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Open Redirect Mattermost Desktop
NVD
CVSS 3.1
6.1
EPSS
0.7%
EPSS 0% CVSS 4.6
MEDIUM This Month

Mattermost Desktop is affected by inclusion of functionality from untrusted control sphere (CVSS 4.6).

RCE Mattermost Desktop
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Arbitrary code execution in Mattermost Desktop App through version 6.2.0 results from insufficient validation of help menu links, enabling a malicious server administrator to execute arbitrary executables on affected users' systems when they click specially crafted help items. This vulnerability affects multiple versions including 5.2.13.0 and 6.0, requiring user interaction and authenticated server access to exploit. No patch is currently available for this HIGH severity vulnerability.

Information Disclosure Mattermost Desktop
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mattermost Desktop +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Google +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Desktop
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Mattermost Mattermost Desktop
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Mattermost +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Mattermost Information Disclosure Apple +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Mattermost Denial Of Service Mattermost Desktop
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Open Redirect Mattermost Desktop
NVD
EPSS 0% CVSS 7.3
HIGH This Week

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Desktop
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Open Redirect Mattermost Desktop
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy