CVE-2026-1046

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions Mattermost versions 5.2.13.0 and earlier, versions 6.0 and 6.2.0 and earlier

Description The Mattermost Desktop App does not properly validate help links. This allows a malicious Mattermost server to execute arbitrary executables on a user’s system when a user clicks on specific items within the Help menu. The issue involves unvalidated server-controlled URLs in the Help menu.

Recommendations Update Mattermost to a version later than 5.2.13.0. Update Mattermost to a version later than 6.0. Update Mattermost to a version later than 6.2.0.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-939

Related Identifiers

CVE-2026-1046

Affected Products

Mattermost

Mattermost Desktop App

CVE-2026-1046

Weakness Enumeration

Related Identifiers

Affected Products

References · 4