PT-2026-8342 · Mattermost · Mattermost Desktop App+1
Hackerman70000
·
Publicado
2026-02-16
·
Atualizado
2026-02-21
·
CVE-2026-1046
CVSS v3.1
7.6
Alta
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 5.2.13.0 and earlier, versions 6.0 and 6.2.0 and earlier
Description
The Mattermost Desktop App does not properly validate help links. This allows a malicious Mattermost server to execute arbitrary executables on a user’s system when a user clicks on specific items within the Help menu. The issue involves unvalidated server-controlled URLs in the Help menu.
Recommendations
Update Mattermost to a version later than 5.2.13.0.
Update Mattermost to a version later than 6.0.
Update Mattermost to a version later than 6.2.0.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mattermost
Mattermost Desktop App