Mattermost · Mattermost · CVE-2026-6739
**Name of the Vulnerable Software and Affected Versions**
Mattermost versions prior to 11.6.2
Mattermost versions prior to 11.5.5
Mattermost versions prior to 10.11.17
**Description**
Authenticated users with delegated user-management permissions can escalate privileges by altering built-in role permissions. This occurs because the system fails to require system-level permissions when patching protected default system roles via the role patch API.
**Recommendations**
Update to version 11.6.2 or later.
Update to version 11.5.5 or later.
Update to version 10.11.17 or later.