PT-2026-23031 · Mattermost · Mattermost

Winfunc · Published 2026-02-13 · Updated 2026-03-27 · CVE-2026-21386

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost versions 10.11.0 through 10.11.10
Mattermost versions 11.2.0 through 11.2.2
Mattermost versions 11.3.0

Description

Mattermost does not consistently handle error responses when processing the /mute command. This allows an authenticated team member to identify private channels they are not authorized to access by observing differing error messages for nonexistent versus private channels. The issue occurs due to inconsistent error messaging when attempting to mute a user in a channel they are not a member of.

Recommendations

Mattermost versions 10.11.0 through 10.11.10 should be updated.
Mattermost versions 11.2.0 through 11.2.2 should be updated.
Mattermost version 11.3.0 should be updated.
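
The error-message inconsistency described above, as an added Go example that is not Mattermost's code: a lookup that answers differently for a missing channel and for a private channel the caller cannot access, next to a version that returns one uniform error, plus a regression check for the difference. All type, function and channel names are hypothetical, and the sample data is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed model for illustration; these are not Mattermost's types.
type channel struct{ members map[string]bool } // a private channel
type store map[string]channel                  // channel name -> channel

var (
	errNotFound  = errors.New("channel not found")
	errNotMember = errors.New("you are not a member of that channel")
	errUniform   = errors.New("could not find the channel")
)

// leakyLookup tells the caller whether a name is unknown or merely
// off-limits; the differing messages confirm that a private channel exists.
func leakyLookup(s store, user, name string) error {
	ch, ok := s[name]
	if !ok {
		return errNotFound
	}
	if !ch.members[user] {
		return errNotMember
	}
	return nil
}

// uniformLookup collapses both failures into one caller-visible error.
// The precise cause belongs in server-side logs, not in the response.
func uniformLookup(s store, user, name string) error {
	if leakyLookup(s, user, name) != nil {
		return errUniform
	}
	return nil
}

// distinguishable is a regression check: does lookup respond differently
// for an inaccessible private channel and for a name that does not exist?
func distinguishable(lookup func(store, string, string) error, s store, user, hidden, missing string) bool {
	a, b := lookup(s, user, hidden), lookup(s, user, missing)
	return (a == nil) != (b == nil) || (a != nil && a.Error() != b.Error())
}

// sampleStore holds constructed data: one private channel with member bob.
func sampleStore() store {
	return store{"exec-salaries": {members: map[string]bool{"bob": true}}}
}

func main() {
	s := sampleStore()
	fmt.Println(distinguishable(leakyLookup, s, "alice", "exec-salaries", "nope"),
		distinguishable(uniformLookup, s, "alice", "exec-salaries", "nope"))
}
```

A check like `distinguishable` fits in a handler's unit tests so that a later change to error wording cannot reintroduce the difference unnoticed.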

Fix

Information Disclosure

Side Channel Attack


Weakness Enumeration

Related Identifiers

BDU:2026-06570
CVE-2026-21386
GHSA-5MR9-CRCG-8WH2
GO-2026-4744
SUSE-SU-2026:1135-1

Affected Products

Mattermost