Vulnerability-Lookup

CVE-2026-4274 (GCVE-0-2026-4274)

Vulnerability from cvelistv5 – Published: 2026-03-26 10:43 – Updated: 2026-03-26 13:58

Title

Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access

Summary

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574

Severity

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-863 - Incorrect Authorization

Assigner

Mattermost

References

1 reference

URL	Tags
https://mattermost.com/security-updates	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Mattermost	Mattermost	Affected: 11.2.0 , ≤ 11.2.2 (semver) Affected: 10.11.0 , ≤ 10.11.10 (semver) Affected: 11.4.0 , ≤ 11.4.0 (semver) Affected: 11.3.0 , ≤ 11.3.1 (semver) Unaffected: 11.5.0 Unaffected: 11.2.3 Unaffected: 10.11.11 Unaffected: 11.4.1 Unaffected: 11.3.2

Credits

daw10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4274",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T13:58:33.420989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T13:58:41.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.2.2",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.11.10",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.4.0",
              "status": "affected",
              "version": "11.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.3.1",
              "status": "affected",
              "version": "11.3.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.5.0"
            },
            {
              "status": "unaffected",
              "version": "11.2.3"
            },
            {
              "status": "unaffected",
              "version": "10.11.11"
            },
            {
              "status": "unaffected",
              "version": "11.4.1"
            },
            {
              "status": "unaffected",
              "version": "11.3.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "daw10"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10, 11.4.x \u003c= 11.4.0, 11.3.x \u003c= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T10:43:24.611Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00574",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00574",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-67099"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-4274",
    "datePublished": "2026-03-26T10:43:24.611Z",
    "dateReserved": "2026-03-16T15:18:50.150Z",
    "dateUpdated": "2026-03-26T13:58:41.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-4274",
      "date": "2026-06-30",
      "epss": "0.00141",
      "percentile": "0.03785"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-4274\",\"sourceIdentifier\":\"responsibledisclosure@mattermost.com\",\"published\":\"2026-03-26T11:16:21.257\",\"lastModified\":\"2026-06-17T10:56:20.560\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mattermost versions 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10, 11.4.x \u003c= 11.4.0, 11.3.x \u003c= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574\"},{\"lang\":\"es\",\"value\":\"Versiones de Mattermost 11.2.x hasta 11.2.2, 10.11.x hasta 10.11.10, 11.4.x hasta 11.4.0, 11.3.x hasta 11.3.1 no restringen el acceso a nivel de equipo al procesar la sincronizaci\u00f3n de membres\u00eda desde un cl\u00faster remoto, lo que permite a un cl\u00faster remoto malicioso otorgar a un usuario acceso a un equipo privado completo en lugar de solo al canal compartido mediante el env\u00edo de mensajes de sincronizaci\u00f3n de membres\u00eda manipulados que desencadenan la asignaci\u00f3n de membres\u00eda de equipo. ID de Aviso de Mattermost: MMSA-2026-00574\"}],\"affected\":[{\"source\":\"responsibledisclosure@mattermost.com\",\"affectedData\":[{\"vendor\":\"Mattermost\",\"product\":\"Mattermost\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"11.2.0\",\"lessThanOrEqual\":\"11.2.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"10.11.0\",\"lessThanOrEqual\":\"10.11.10\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"11.4.0\",\"lessThanOrEqual\":\"11.4.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"11.3.0\",\"lessThanOrEqual\":\"11.3.1\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"11.5.0\",\"status\":\"unaffected\"},{\"version\":\"11.2.3\",\"status\":\"unaffected\"},{\"version\":\"10.11.11\",\"status\":\"unaffected\"},{\"version\":\"11.4.1\",\"status\":\"unaffected\"},{\"version\":\"11.3.2\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"responsibledisclosure@mattermost.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-26T13:58:33.420989Z\",\"id\":\"CVE-2026-4274\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"responsibledisclosure@mattermost.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.11.0\",\"versionEndExcluding\":\"10.11.11\",\"matchCriteriaId\":\"B6E5F368-358C-429B-8F04-3C8DF4A71A91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.2.0\",\"versionEndExcluding\":\"11.2.3\",\"matchCriteriaId\":\"7F64C167-943D-4F3F-9374-BCC8DECB3881\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndExcluding\":\"11.3.2\",\"matchCriteriaId\":\"805ECFFC-82FD-4754-AF95-32167E1D41CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.4.0\",\"versionEndExcluding\":\"11.4.1\",\"matchCriteriaId\":\"839BC7B7-28DF-4125-937A-8B0D2D6893C2\"}]}]}],\"references\":[{\"url\":\"https://mattermost.com/security-updates\",\"source\":\"responsibledisclosure@mattermost.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-4274\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-26T13:58:33.420989Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-26T13:58:36.760Z\"}}], \"cna\": {\"title\": \"Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access\", \"source\": {\"defect\": [\"https://mattermost.atlassian.net/browse/MM-67099\"], \"advisory\": \"MMSA-2026-00574\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"daw10\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Mattermost\", \"product\": \"Mattermost\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.2.2\"}, {\"status\": \"affected\", \"version\": \"10.11.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.11.10\"}, {\"status\": \"affected\", \"version\": \"11.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.4.0\"}, {\"status\": \"affected\", \"version\": \"11.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.3.1\"}, {\"status\": \"unaffected\", \"version\": \"11.5.0\"}, {\"status\": \"unaffected\", \"version\": \"11.2.3\"}, {\"status\": \"unaffected\", \"version\": \"10.11.11\"}, {\"status\": \"unaffected\", \"version\": \"11.4.1\"}, {\"status\": \"unaffected\", \"version\": \"11.3.2\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update Mattermost to versions 11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2 or higher.\"}], \"references\": [{\"url\": \"https://mattermost.com/security-updates\", \"name\": \"MMSA-2026-00574\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mattermost versions 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10, 11.4.x \u003c= 11.4.0, 11.3.x \u003c= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee\", \"shortName\": \"Mattermost\", \"dateUpdated\": \"2026-03-26T10:43:24.611Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-4274\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-26T13:58:41.567Z\", \"dateReserved\": \"2026-03-16T15:18:50.150Z\", \"assignerOrgId\": \"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee\", \"datePublished\": \"2026-03-26T10:43:24.611Z\", \"assignerShortName\": \"Mattermost\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0300

Vulnerability from certfr_avis - Published: 2026-03-17 - Updated: 2026-03-27

De multiples vulnérabilités ont été découvertes dans Mattermost Server. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mattermost	Mattermost Server	Mattermost Server versions 11.3.x antérieures à 11.3.3
Mattermost	Mattermost Server	Mattermost Server versions 11.4.x antérieures à 11.4.3
Mattermost	Mattermost Server	Mattermost Server versions 10.11.x antérieures à 10.11.13
Mattermost	Mattermost Server	Mattermost Server versions 11.5.x antérieures à 11.5.1
Mattermost	Mattermost Server	Mattermost Server versions 11.2.x antérieures à 11.2.3

References

Title

Publication Time

CERTFR-2026-AVI-0446

Vulnerability from certfr_avis - Published: 2026-04-16 - Updated: 2026-04-17

De multiples vulnérabilités ont été découvertes dans Mattermost Server. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une injection de requêtes illégitimes par rebond (CSRF) et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mattermost	Mattermost Server	Mattermost Server versions 11.4.x antérieures à 11.4.5
Mattermost	Mattermost Server	Mattermost Server versions 11.5.x antérieures à 11.5.5
Mattermost	Mattermost Server	Mattermost Server versions 10.11.x antérieures à 10.11.15
Mattermost	Mattermost Server	Mattermost Server versions 11.3.x antérieures à 11.3.3
Mattermost	Mattermost Server	Mattermost Server versions 11.6.x antérieures à 11.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mattermost MMSA-2026-00628	2026-04-16	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00582	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00608	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00576	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00607	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00575	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00614	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00573	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00630	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00622	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00627	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00570	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00636	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00591	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00625	2026-03-16	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00645	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00603	2026-03-16	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00597	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00624	2026-03-16	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00605	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2026-00631	2026-04-15	vendor-advisory
Bulletin de sécurité Mattermost MMSA-2025-00552	2026-04-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mattermost Server versions 11.4.x ant\u00e9rieures \u00e0 11.4.5",
      "product": {
        "name": "Mattermost Server",
        "vendor": {
          "name": "Mattermost",
          "scada": false
        }
      }
    },
    {
      "description": "Mattermost Server versions 11.5.x ant\u00e9rieures \u00e0 11.5.5",
      "product": {
        "name": "Mattermost Server",
        "vendor": {
          "name": "Mattermost",
          "scada": false
        }
      }
    },
    {
      "description": "Mattermost Server versions 10.11.x ant\u00e9rieures \u00e0 10.11.15",
      "product": {
        "name": "Mattermost Server",
        "vendor": {
          "name": "Mattermost",
          "scada": false
        }
      }
    },
    {
      "description": "Mattermost Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.3\n",
      "product": {
        "name": "Mattermost Server",
        "vendor": {
          "name": "Mattermost",
          "scada": false
        }
      }
    },
    {
      "description": "Mattermost Server versions 11.6.x ant\u00e9rieures \u00e0 11.6.1",
      "product": {
        "name": "Mattermost Server",
        "vendor": {
          "name": "Mattermost",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-4265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4265"
    },
    {
      "name": "CVE-2026-28741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28741"
    },
    {
      "name": "CVE-2026-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3590"
    },
    {
      "name": "CVE-2026-27769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27769"
    },
    {
      "name": "CVE-2026-4274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4274"
    }
  ],
  "initial_release_date": "2026-04-16T00:00:00",
  "last_revision_date": "2026-04-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0446",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-16T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 MMSA-2026-00628 et mise \u00e0 jour des syst\u00e8mes affect\u00e9s.",
      "revision_date": "2026-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mattermost Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mattermost Server",
  "vendor_advisories": [
    {
      "published_at": "2026-04-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00628",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00582",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00608",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00576",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00607",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00575",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00614",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00573",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00630",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00622",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00627",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00570",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00636",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00591",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00625",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00645",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00603",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00597",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00624",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00605",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2026-00631",
      "url": "https://mattermost.com/security-updates/"
    },
    {
      "published_at": "2026-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2025-00552",
      "url": "https://mattermost.com/security-updates/"
    }
  ]
}

FKIE_CVE-2026-4274

Vulnerability from fkie_nvd - Published: 2026-03-26 11:16 - Updated: 2026-06-17 10:56

Severity

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

References

	URL	Tags
	responsibledisclosure@mattermost.com	https://mattermost.com/security-updates	Vendor Advisory

Impacted products

Vendor	Product	Version
mattermost	mattermost_server	*
mattermost	mattermost_server	*
mattermost	mattermost_server	*
mattermost	mattermost_server	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.2.2",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.11.10",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.4.0",
              "status": "affected",
              "version": "11.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.3.1",
              "status": "affected",
              "version": "11.3.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.5.0"
            },
            {
              "status": "unaffected",
              "version": "11.2.3"
            },
            {
              "status": "unaffected",
              "version": "10.11.11"
            },
            {
              "status": "unaffected",
              "version": "11.4.1"
            },
            {
              "status": "unaffected",
              "version": "11.3.2"
            }
          ]
        }
      ],
      "source": "responsibledisclosure@mattermost.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E5F368-358C-429B-8F04-3C8DF4A71A91",
              "versionEndExcluding": "10.11.11",
              "versionStartIncluding": "10.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F64C167-943D-4F3F-9374-BCC8DECB3881",
              "versionEndExcluding": "11.2.3",
              "versionStartIncluding": "11.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "805ECFFC-82FD-4754-AF95-32167E1D41CB",
              "versionEndExcluding": "11.3.2",
              "versionStartIncluding": "11.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "839BC7B7-28DF-4125-937A-8B0D2D6893C2",
              "versionEndExcluding": "11.4.1",
              "versionStartIncluding": "11.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mattermost versions 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10, 11.4.x \u003c= 11.4.0, 11.3.x \u003c= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574"
    },
    {
      "lang": "es",
      "value": "Versiones de Mattermost 11.2.x hasta 11.2.2, 10.11.x hasta 10.11.10, 11.4.x hasta 11.4.0, 11.3.x hasta 11.3.1 no restringen el acceso a nivel de equipo al procesar la sincronizaci\u00f3n de membres\u00eda desde un cl\u00faster remoto, lo que permite a un cl\u00faster remoto malicioso otorgar a un usuario acceso a un equipo privado completo en lugar de solo al canal compartido mediante el env\u00edo de mensajes de sincronizaci\u00f3n de membres\u00eda manipulados que desencadenan la asignaci\u00f3n de membres\u00eda de equipo. ID de Aviso de Mattermost: MMSA-2026-00574"
    }
  ],
  "id": "CVE-2026-4274",
  "lastModified": "2026-06-17T10:56:20.560",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "responsibledisclosure@mattermost.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-4274",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-03-26T13:58:33.420989Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-03-26T11:16:21.257",
  "references": [
    {
      "source": "responsibledisclosure@mattermost.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "sourceIdentifier": "responsibledisclosure@mattermost.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "responsibledisclosure@mattermost.com",
      "type": "Secondary"
    }
  ]
}

GHSA-G7FP-CQJ5-X8HF

Vulnerability from github – Published: 2026-03-26 12:30 – Updated: 2026-03-31 23:01

Summary

Mattermost has an Incorrect Authorization issue

Details

Severity

5.4 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.4.0-rc1"
            },
            {
              "fixed": "11.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.3.0-rc1"
            },
            {
              "fixed": "11.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.2.0-rc1"
            },
            {
              "fixed": "11.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 10.11.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.11.0-rc1"
            },
            {
              "fixed": "10.11.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0-20260105080200-d27a2195068d"
            },
            {
              "fixed": "8.0.0-20260217110922-b7d4a1f1f59b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-4274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-31T23:01:25Z",
    "nvd_published_at": "2026-03-26T11:16:21Z",
    "severity": "MODERATE"
  },
  "details": "Mattermost versions 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10, 11.4.x \u003c= 11.4.0, 11.3.x \u003c= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared channel via sending crafted membership sync messages that trigger team membership assignment. Mattermost Advisory ID: MMSA-2026-00574",
  "id": "GHSA-g7fp-cqj5-x8hf",
  "modified": "2026-03-31T23:01:25Z",
  "published": "2026-03-26T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4274"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mattermost/mattermost"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mattermost has an Incorrect Authorization issue"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-4274 (GCVE-0-2026-4274)

CERTFR-2026-AVI-0300

Solutions

CERTFR-2026-AVI-0446

Solutions

FKIE_CVE-2026-4274

GHSA-G7FP-CQJ5-X8HF

Tags

Sightings

Nomenclature