PT-2026-25759 · Mattermost · Mattermost
0X7Oda7123
Published: 2026-03-16 · Updated: 2026-03-16
CVE-2026-24692
CVSS v3.1: 4.3 (Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints, which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost