PT-2025-37464 · Mattermost · Mattermost

Daw10 · Published 2025-09-15 · Updated 2025-09-22 · CVE-2025-9076

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost versions 10.10.x through 10.10.1

Description

Mattermost Server instances with shared channels enabled are susceptible to an information disclosure issue. The software fails to properly sanitize user data during shared channel membership synchronization, potentially allowing malicious or compromised remote clusters to access sensitive user information via unsanitized user objects.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2025-9076
GHSA-3VCM-C42P-3HHF
GO-2025-3950
OPENSUSE-SU-2025:15564-1
SUSE-SU-2025:03289-1

Affected Products

Mattermost