CVE-2026-28741

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.0 through 10.11.12 Mattermost version 11.5.0 Mattermost versions 11.4.0 through 11.4.2 Mattermost versions 11.3.0 through 11.3.2

Description An authentication endpoint fails to validate CSRF tokens. This allows an attacker to update a user authentication method by tricking a user into visiting a malicious page via a Cross-Site Request Forgery (CSRF) attack, which is a technique where an unauthorized command is transmitted to a web application from a user that the application trusts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.