SecAlerts
CVE ListPricingSign Up
mattermost logo

mattermost

Security Risk Profile

33
/100
low

Security Risk Score

Comprehensive risk assessment based on 577 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from June 19, 2020 to present

577
Total CVEs
145
Critical+High
0
Exploited
70
Unpatched

Threat Assessment

Avg CVSS
5.8
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
70
Critical/High
Risk Level
33/100
low
🆕 12Fresh (<7d)📈 35 in Last 30 Days

Severity Distribution

Critical
26
High
119
Medium
392
Low
40

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
80

Age Distribution

Common Weaknesses (CWE)

1
Infoleak
49
2
XSS
28
3
Path Traversal
19
4
CSRF
15
5
Input Validation
14

Most Affected Products

1. Mattermost Mattermost Server1330
2. go/github.com/mattermost/mattermost/server/v8402
3. Mattermost Mattermost367
4. go/github.com/mattermost/mattermost-server164
5. go/github.com/mattermost/mattermost-server/v655

Recent Vulnerabilities

See more →
CVE-2026-4915
CVSS 6.5medium

Server panic via outgoing webhook responses

5/25/2026
CVE-2026-28735
CVSS 5.4medium

GitHub OAuth Scope Validation

5/22/2026
CVE-2026-4635
CVSS 6.5medium

Persistent notification timing attack causing server denial of service

5/22/2026
CVE-2026-3473
CVSS 5.9medium

Improper file ownership validation in the Boards API allows unauthorised file access

5/22/2026
CVE-2026-4646
CVSS 4.3medium

Insufficient input validation in GitHub plugin API causes denial of service

5/22/2026
CVE-2026-3636
CVSS 4.3medium

Sanitize team member data returned by API

5/22/2026
CVE-2026-5740
CVSS 7.5high

Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

5/22/2026
CVE-2026-5308
CVSS 4.9medium

Missing request body size limits on Zoom plugin HTTP endpoints

5/22/2026
CVE-2026-5755
CVSS 6.5medium

Denial of service via crafted TIFF file upload

5/22/2026
CVE-2026-22880
CVSS 6.1medium

Mobile SSO authentication flow allows credential theft via malicious server

5/21/2026

Monitor mattermost in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

mattermost Security Vulnerabilities & Risk Score | 577 CVEs | SecAlerts - SecAlerts