
Mattermost Mattermost Server: Server panic via outgoing webhook responses

Risk 38
Severity
6.5
First published (updated )

Mattermost Mattermost Server: Insufficient permission validation on cross-team playbook run creation

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: SSRF via Host Header Spoofing in Custom Slash Commands

Risk 26
Severity
5
First published (updated )

Mattermost Mattermost Server: Prevent password disclosure and force reset during Slack import

Risk 49
Severity
6.5
First published (updated )

Mattermost Mattermost Server: Slash command trigger-word update allowed command hijacking

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost: Missing authorization check in AI message rewrite endpoint allows access to private thread content

Risk 38
Severity
6.5
First published (updated )

Mattermost Mattermost Server: Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: Missing request origin validation on burn-on-read reveal endpoint

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: Memory Exhaustion via Malicious 7zip File Upload

Risk 38
Severity
6.5
First published (updated )

Mattermost Mattermost Server: Unescaped variables during error page composition

Risk 29
Severity
4.8
First published (updated )

Mattermost Mattermost Server: Insufficient token rotation validation in remote cluster invite confirmation

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: Mattermost fails to enforce create_post permission when editing posts

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: Improper Input Validation in MS Teams Meetings API Handler

Risk 38
Severity
6.5
First published (updated )

Mattermost Mattermost Server: Insufficient authorization in shared channel membership sync allows remote cluster to remove users from arbitrary channels

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: Post edit time limit is not enforced on some post update operations

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: SVG content served through Mattermost image proxy despite Content-Type restrictions causes client-side denial of service

Risk 37
Severity
4.3
First published (updated )

Rocket.Chat Rocket.Chat: In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the end…

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: Race Condition in Guest Magic Link Authentication Allows Token Reuse

Risk 40
Severity
6.5
First published (updated )

Mattermost MS Teams Plugin: Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint

Risk 38
Severity
6.5
First published (updated )

Mattermost Mattermost Server: Arbitrary File Read via Advanced Logging Support Packet

Risk 37
Severity
6.8
First published (updated )

Mattermost Mattermost Server: Guest users can view group member IDs without respecting view restrictions

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: Zip Bomb Denial of Service via Unrestricted Archive Decompression

Risk 38
Severity
6.5
First published (updated )

Mattermost Mattermost Server: mmctl export download command doesn’t restrict permissions to created file to file owner

Risk 32
Severity
5.5
First published (updated )

Mattermost Mattermost Server: Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access

Risk 25
Severity
5.4
EPSS
0.03%
First published (updated )

Mattermost Mattermost Server: CSRF vulnerability in UpdateAccessControlPolicyActiveStatus endpoint

Risk 30
Severity
4.6
First published (updated )

Mattermost Mattermost Server: Account Takeover via Substring Matching in OpenID Connect Authentication

Risk 45
Severity
6.1
First published (updated )

Mattermost Mattermost Server: Denial of Service via HTTP/2 single packet attack on login endpoint

Risk 38
Severity
6.5
First published (updated )

mattermost: Permalink Preview Information Disclosure After Permission Revocation

Risk 22
Severity
4.3
First published (updated )

Mattermost Mattermost Server: Permission Bypass in Playbook Run Creation

Risk 22
Severity
4.3
First published (updated )

© 2026 SecAlerts Pty Ltd.