PT-2026-25684 · Mattermost · Mattermost

0X7Oda7123

Publicado

2026-02-13

Atualizado

2026-03-27

CVE-2026-2458

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.10 Mattermost versions 11.2.x through 11.2.2 Mattermost versions 11.3.x through 11.3.0

Description The software does not correctly check team membership when searching for channels. This allows a team member who has been removed to list all public channels within a private team by using the channel search API endpoint /api/channels/search. The issue affects Mattermost versions 10.11.x through 10.11.10, 11.2.x through 11.2.2, and 11.3.x through 11.3.0.

Recommendations Update Mattermost to a version later than 10.11.10. Update Mattermost to a version later than 11.2.2. Update Mattermost to a version later than 11.3.0.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

BDU:2026-06571

CVE-2026-2458

GHSA-679F-WMRG-QF57

GO-2026-4729

SUSE-SU-2026:1135-1

Produtos afetados

Mattermost

PT-2026-25684 · Mattermost · Mattermost

CVE-2026-2458

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 151