CVE-2026-22545

CVSS v3.1

3.1

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2026-22545

Affected Products

Mattermost

CVE-2026-22545

Weakness Enumeration

Related Identifiers

Affected Products

References · 2