Mattermost Mattermost: GitHub OAuth Scope Validation

Risk 34
Severity 5.4
First published (updated )

Mattermost Mattermost: Persistent notification timing attack causing server denial of service

Risk 38
Severity 6.5
First published (updated )

Mattermost Mattermost: Improper file ownership validation in the Boards API allows unauthorised file access

Risk 42
Severity 5.9
First published (updated )

Mattermost Mattermost: Insufficient input validation in GitHub plugin API causes denial of service

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost: Sanitize team member data returned by API

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost: Missing request body size limits on Zoom plugin HTTP endpoints

Risk 30
Severity 4.9
First published (updated )

Mattermost Mattermost: Denial of service via crafted TIFF file upload

Risk 38
Severity 6.5
First published (updated )

Mattermost Mattermost Mobile Apps: Mobile SSO authentication flow allows credential theft via malicious server

Risk 35
Severity 6.1
First published (updated )

Mattermost Mattermost Server: Insufficient permission validation on cross-team playbook run creation

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Desktop App: Opening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop App

Risk 37
Severity 6.5
First published (updated )

Mattermost Mattermost Server: SSRF via Host Header Spoofing in Custom Slash Commands

Risk 26
Severity 5
First published (updated )

Mattermost Mattermost Server: Prevent password disclosure and force reset during Slack import

Risk 49
Severity 6.5
First published (updated )

Mattermost Mattermost Server: Slash command trigger-word update allowed command hijacking

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Server: Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost: Missing authorization check in AI message rewrite endpoint allows access to private thread content

Risk 38
Severity 6.5
First published (updated )

Mattermost Mattermost GitLab plugin: Instance and webhook GitLab plugin commands were able to be run by non-admin users

Risk 38
Severity 6.5
First published (updated )

Mattermost Mattermost Server: Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Server: Missing request origin validation on burn-on-read reveal endpoint

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Server: Memory Exhaustion via Malicious 7zip File Upload

Risk 38
Severity 6.5
First published (updated )

Mattermost Mattermost Plugins: Incomplete group locking implementation

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Plugins: Group prefix matching bypass for subscriptions

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Server: Unescaped variables during error page composition

Risk 29
Severity 4.8
First published (updated )

Mattermost Mattermost Server: Insufficient token rotation validation in remote cluster invite confirmation

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Server: Mattermost fails to enforce create_post permission when editing posts

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Server: Improper Input Validation in MS Teams Meetings API Handler

Risk 38
Severity 6.5
First published (updated )

Mattermost Mattermost Server: Insufficient authorization in shared channel membership sync allows remote cluster to remove users from arbitrary channels

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Server: Post edit time limit is not enforced on some post update operations

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Server: SVG content served through Mattermost image proxy despite Content-Type restrictions causes client-side denial of service

Risk 37
Severity 4.3
First published (updated )

Rocket.Chat Rocket.Chat: In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the end…

Risk 22
Severity 4.3
First published (updated )

Mattermost Mattermost Server: Race Condition in Guest Magic Link Authentication Allows Token Reuse

Risk 40
Severity 6.5
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203