Mattermost desktop

This hub aggregates every CVE we track for Mattermost desktop, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Mattermost desktop.

• CVE-2026-8683Overly long URLs crash the Mattermost Desktop App6.5Jun 15, 2026
• CVE-2026-6517Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed6.3Jun 15, 2026
• CVE-2026-3471Opening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop App6.5May 18, 2026
• CVE-2026-4643Calling window.close() from server-side content causes crash in the Mattermost Desktop App3.5May 18, 2026
• CVE-2026-1628Mattermost allows external websites to open within the app, exposing preload functionality to non-trusted sites.4.6Mar 2, 2026
• CVE-2025-13326Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store3.9Dec 17, 2025
• CVE-2025-13321Mattermost Desktop App logging sensitive information and fails to clear data on server deletion3.3Dec 17, 2025
• CVE-2025-55035Mattermost Desktop DoS when user has basic authentication server configured6.1Oct 16, 2025
• CVE-2025-58084Mattermost Desktop App crashes when clicking on malformed external URL3.5Oct 13, 2025
• CVE-2025-1398macOS TCC Bypass via Code Injection3.3Mar 17, 2025
• CVE-2024-45835Insufficient Electron Fuses Configuration2.5Sep 16, 2024
• CVE-2024-39772Silent Desktop Screenshot Capture3.7Sep 16, 2024
• CVE-2024-39613RCE in desktop app in Windows by local attacker5.3Sep 16, 2024
• CVE-2024-37182Lack of permissions prompting when opening external URLs4.7Jun 14, 2024
• CVE-2024-36287Bypass of TCC restrictions on macOS3.8Jun 14, 2024