PT-2026-25701 · Mattermost · Mattermost
Joshua Rogers
·
Published
2026-03-16
·
Updated
2026-03-16
·
CVE-2026-2578
CVSS v3.1
4.3
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost