PT-2026-41647 · Mattermost · Mattermost Plugins
Eahmed
·
Published
2026-05-18
·
Updated
2026-05-18
·
CVE-2026-6342
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost Plugins versions prior to 11.5
Description
An issue exists where the software fails to appropriately check for valid namespaces. This allows plugin users to create subscriptions to groups that were not whitelisted by creating groups that share the same prefix as a whitelisted group.
Recommendations
Update to a version newer than 11.5.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost Plugins