PT-2026-28421 · Mattermost · Mattermost
Mufeedvh
·
Published
2026-03-26
·
Updated
2026-03-27
·
CVE-2026-3112
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 10.11.x through 10.11.11
Mattermost versions 11.2.x through 11.2.3
Mattermost versions 11.3.x through 11.3.1
Mattermost versions 11.4.x through 11.4.0
Description
The software does not properly validate file target paths for Advanced Logging. This allows system administrators to potentially read arbitrary host files through a malicious AdvancedLoggingJSON configuration when generating support packets.
Recommendations
Mattermost versions 10.11.x through 10.11.11 should be updated.
Mattermost versions 11.2.x through 11.2.3 should be updated.
Mattermost versions 11.3.x through 11.3.1 should be updated.
Mattermost versions 11.4.x through 11.4.0 should be updated.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost