PT-2026-41650 · Mattermost · Gitlab Plugin

Daw10 · Published 2026-05-18 · Updated 2026-05-18 · CVE-2026-3117

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Mattermost Plugins versions prior to 11.5

Description: The Gitlab plugin fails to properly check for permissions when processing commands. This allows standard users to uninstall instances or configure webhook connections by using the "/gitlab instance {option}" and "/gitlab webhook {option}" commands.

Recommendations: Update to a version later than 11.5. As a temporary workaround, restrict the use of the "/gitlab instance" and "/gitlab webhook" commands.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-3117

Affected Products

Gitlab Plugin