mattermost inc

Top products

The 15 most recently published vulnerabilities affecting mattermost inc.

• CVE-2026-4915Server panic via outgoing webhook responses6.5May 25, 2026
• CVE-2026-4635Persistent notification timing attack causing server denial of service6.5May 22, 2026
• CVE-2026-3473Improper file ownership validation in the Boards API allows unauthorised file access5.9May 22, 2026
• CVE-2026-4646Insufficient input validation in GitHub plugin API causes denial of service4.3May 22, 2026
• CVE-2026-5740Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server7.5May 22, 2026
• CVE-2026-5308Missing request body size limits on Zoom plugin HTTP endpoints4.9May 22, 2026
• CVE-2026-5755Denial of service via crafted TIFF file upload6.5May 22, 2026
• CVE-2026-3590Race Condition in Guest Magic Link Authentication Allows Token Reuse6.5Apr 15, 2026
• CVE-2026-28741CSRF Protection Bypass Allows Updating a User's Authentication Method6.8Apr 15, 2026
• CVE-2026-27769Connected Workspaces: Malicious remote server can manipulate arbitrary user's status2.7Apr 15, 2026
• CVE-2026-1629Permalink Preview Information Disclosure After Permission Revocation4.3Mar 16, 2026
• CVE-2026-26230Team Admin Privilege Escalation to Demote Members to Guest3.8Mar 16, 2026
• CVE-2026-2454DoS in Calls plugin via malformed msgpack in websocket request.5.8Mar 16, 2026
• CVE-2026-26304Permission Bypass in Playbook Run Creation4.3Mar 16, 2026
• CVE-2026-24692Guest users can bypass read permissions via search API4.3Mar 16, 2026