PT-2025-51855 · Mattermost · Mattermost Desktop App

Karmaz95 · Published 2025-12-17 · Updated 2025-12-17 · CVE-2025-13326

CVSS v3.1: 3.9 (Low)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Mattermost versions prior to 6.0.0

Description

The Mattermost Desktop App does not enable the Hardened Runtime when packaged for the Mac App Store for versions prior to 6.0.0. This allows an attacker to obtain TCC permissions by copying the application binary to a temporary folder. TCC (Transparency, Consent, and Control) is a macOS security feature that manages user permissions for accessing protected resources. Inheriting these permissions could allow unauthorized access to sensitive data.

Recommendations

Update to Mattermost Desktop App version 6.0.0 or later.
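
To confirm that an installed build is signed with the Hardened Runtime, the following added example (not part of the advisory or of Mattermost's code) tests the CS_RUNTIME bit (0x10000) in the CodeDirectory flags that `codesign -dv` prints. The function names are hypothetical and the sample lines are constructed; pass the path of the app bundle to check as the first argument on a Mac.

```shell
#!/bin/sh
# Added example: detect whether a code signature carries the Hardened Runtime flag.
# CS_RUNTIME is bit 0x10000 of the CodeDirectory flags shown by `codesign -dv`.
CS_RUNTIME=65536   # 0x10000

# Constructed sample lines in the format `codesign -dv` prints (not real output).
SAMPLE_HARDENED='Identifier=com.example.app
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=21+7 location=embedded'
SAMPLE_PLAIN='Identifier=com.example.app
CodeDirectory v=20400 size=1024 flags=0x0(none) hashes=21+5 location=embedded'

# Read `codesign -dv` text on stdin and print the hex CodeDirectory flags value.
cd_flags() {
    sed -n 's/^CodeDirectory .* flags=\(0x[0-9A-Fa-f]*\).*/\1/p' | head -n 1
}

# Exit status: 0 = Hardened Runtime enabled, 1 = flag absent,
# 2 = no CodeDirectory line found (for example, an unsigned binary).
has_hardened_runtime() {
    flags=$(cd_flags)
    [ -n "$flags" ] || return 2
    # Test the bit itself rather than matching the "(runtime)" label,
    # so combined values such as 0x10002(adhoc,runtime) are handled.
    [ $(( $flags & $CS_RUNTIME )) -ne 0 ]
}

# Check a bundle on a Mac; codesign writes its -d output to stderr.
check_app() {
    codesign -dv --verbose=4 "$1" 2>&1 | has_hardened_runtime
}

if [ "$#" -gt 0 ]; then
    if check_app "$1"; then
        echo "hardened runtime: enabled"
    else
        echo "hardened runtime: NOT enabled (or not signed)"
    fi
fi
```
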

Fix

Protection Mechanism Failure


Weakness Enumeration

Related Identifiers

CVE-2025-13326

Affected Products

Mattermost Desktop App