CVE-2026-1628

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 5.13.3

Description The Mattermost Desktop App versions up to 5.13.3 do not properly restrict navigation to external sites within the application. This allows a malicious server to potentially expose preload script functionality to untrusted servers when a user opens an external link from within their Mattermost server. The issue involves a failure to attach listeners that restrict navigation.

Recommendations Update Mattermost Desktop App to a version greater than 5.13.3.