
Mattermost Server: Server panic via outgoing webhook responses
Risk 38, Severity 6.5

Mattermost: GitHub OAuth Scope Validation
Risk 34, Severity 5.4

Mattermost: Persistent notification timing attack causing server denial of service
Risk 38, Severity 6.5

Mattermost: Improper file ownership validation in the Boards API allows unauthorised file access
Risk 42, Severity 5.9

Mattermost: Insufficient input validation in GitHub plugin API causes denial of service
Risk 22, Severity 4.3

Mattermost: Sanitize team member data returned by API
Risk 22, Severity 4.3

Mattermost Server: Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server
Risk 43, Severity 7.5

Mattermost: Missing request body size limits on Zoom plugin HTTP endpoints
Risk 30, Severity 4.9

Mattermost: Denial of service via crafted TIFF file upload
Risk 38, Severity 6.5

Mattermost Mobile Apps: Mobile SSO authentication flow allows credential theft via malicious server
Risk 35, Severity 6.1

Mattermost Server: Path traversal in integration action URL leading to arbitrary API execution via system admin's auth token
Risk 82, Severity 9.9

Mattermost Server: Insufficient permission validation on cross-team playbook run creation
Risk 22, Severity 4.3

Mattermost Desktop App: Opening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop App
Risk 37, Severity 6.5

Mattermost Desktop App: Calling window.close() from server-side content causes crash in the Mattermost Desktop App
Risk 19, Severity 3.5

Mattermost Server: SSRF via Host Header Spoofing in Custom Slash Commands
Risk 26, Severity 5

Mattermost Server: Prevent password disclosure and force reset during Slack import
Risk 49, Severity 6.5

Mattermost Server: Sensitive credentials exposed in plaintext in Mattermost support packets
Risk 59, Severity 8.7

Mattermost Server: Slash command trigger-word update allowed command hijacking
Risk 22, Severity 4.3

Mattermost Server: Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks
Risk 22, Severity 4.3

Mattermost Server: Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets
Risk 47, Severity 7.6

Mattermost: Missing authorization check in AI message rewrite endpoint allows access to private thread content
Risk 38, Severity 6.5

Mattermost GitLab plugin: Instance and webhook GitLab plugin commands were able to be run by non-admin users
Risk 38, Severity 6.5

Mattermost Server: Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update
Risk 22, Severity 4.3

Mattermost Server: Missing request origin validation on burn-on-read reveal endpoint
Risk 22, Severity 4.3

Mattermost Server: Memory Exhaustion via Malicious 7zip File Upload
Risk 38, Severity 6.5

Mattermost Plugins: Incomplete group locking implementation
Risk 22, Severity 4.3

Mattermost Plugins: Group prefix matching bypass for subscriptions
Risk 22, Severity 4.3

Mattermost Server: Unescaped variables during error page composition
Risk 29, Severity 4.8

Mattermost Server: Insufficient token rotation validation in remote cluster invite confirmation
Risk 22, Severity 4.3

Mattermost Server: Mattermost fails to enforce create_post permission when editing posts
Risk 22, Severity 4.3

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203