PT-2026-25685 · Mattermost · Mattermost Plugins+1

Daynight · Published 2026-03-16 · Updated 2026-03-27 · CVE-2026-2461

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost Plugins versions 10.10.11.0 through 11.3

Description

The Mattermost Plugins do not properly enforce authorization checks when modifying comment blocks. This allows an authorized attacker with editor permissions to modify comments created by other members. The vulnerable component is related to comment block modifications within the Mattermost Boards Plugin.

Recommendations

Update to a version of Mattermost Plugins later than 11.3.
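
The class of check the description says is missing, as an added example that is not Mattermost's code: a board-level role check combined with an object-level ownership check on comment blocks. All type, role and function names are hypothetical, and the rule that only a comment's author may edit it is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model for illustration; not the Boards plugin's types.
type Block struct {
	ID, Type, CreatedBy, Body string // Type: "comment", "text", ...
}

type Member struct {
	UserID, Role string // Role: "viewer", "commenter", "editor"
}

var ErrForbidden = errors.New("forbidden")

// CanModify combines the board-level role check with an object-level
// ownership check for comment blocks. A role check alone lets any editor
// rewrite another member's comment.
func CanModify(m Member, b Block) bool {
	switch {
	case m.Role == "viewer":
		return false
	case b.Type == "comment":
		return m.UserID == b.CreatedBy // assumption: only the author edits a comment
	default:
		return m.Role == "editor"
	}
}

// PatchBlock authorizes against the stored record, never against fields
// supplied in the request, and returns one error for "missing" and "denied".
func PatchBlock(store map[string]*Block, m Member, id, body string) error {
	b, ok := store[id]
	if !ok || !CanModify(m, *b) {
		return ErrForbidden
	}
	b.Body = body
	return nil
}

func main() {
	// Constructed sample data.
	store := map[string]*Block{"c1": {ID: "c1", Type: "comment", CreatedBy: "alice", Body: "original"}}
	err := PatchBlock(store, Member{UserID: "bob", Role: "editor"}, "c1", "tampered")
	fmt.Println(err, store["c1"].Body)
}
```
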

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2026-2461
GHSA-HF8W-X9H5-5GF9
GO-2026-4782
SUSE-SU-2026:1135-1

Affected Products

Mattermost Boards Plugin
Mattermost Plugins