PT-2026-25757 · Mattermost · Github.Com/Mattermost/Mattermost-Server+1
Daw10 · Published 2026-02-13 · Updated 2026-03-27 · CVE-2026-22545
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Mattermost versions 10.11.x through 10.11.10
Description
Mattermost does not properly validate a user's authentication method when processing an account authentication type switch. This allows an authenticated attacker to change an account password without confirmation by falsely claiming a different authentication provider. The issue is present in the github.com/mattermost/mattermost-server module before version v5.3.2-0.20260127144908-ced9a56e3988.
Recommendations
Update Mattermost to a version later than 10.11.10.
Update the github.com/mattermost/mattermost-server module to version v5.3.2-0.20260127144908-ced9a56e3988 or later.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost
Github.Com/Mattermost/Mattermost-Server