PT-2026-42746 · Mattermost · Mattermost

Runup

·

Published

2026-05-22

·

Updated

2026-07-07

·

CVE-2026-3636

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14
Description Insufficient sanitization of team member data returned via API endpoints allows users without elevated permissions to obtain unauthorized information regarding the roles of team members.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-09002
CVE-2026-3636
GHSA-FFPR-PFR4-G354
GO-2026-5818

Affected Products

Mattermost