Vulnerabilities in Mattermost

434 results
CVE-2024-23488 (LOW, EPSS 0.3%): Files of archived channels accessible with the "Allow users to view archived channels" option disabled
CVE-2024-24776 (LOW, EPSS 0.3%): Incorrect Authorization leads to Channel Member Count Leak
CVE-2023-3577 (LOW, EPSS 0.3%): Limited blind SSRF to localhost/intranet in interactive dialog implementation
CVE-2025-22445 (LOW, EPSS 0.3%): Misleading UI for undefined admin console settings in Calls causes security confusion
CVE-2025-54525 (HIGH, EPSS 0.3%): Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin
CVE-2024-39772 (LOW, EPSS 0.3%): Silent Desktop Screenshot Capture
CVE-2025-52931 (HIGH, EPSS 0.3%): Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin
CVE-2026-24661 (LOW, EPSS 0.3%): Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint
CVE-2024-21848 (LOW, EPSS 0.3%): Users maintain access to active call after being removed from a channel
CVE-2026-21388 (LOW, EPSS 0.3%): Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint
CVE-2025-12421 (CRITICAL, EPSS 0.3%): Account Takeover via Code Exchange Endpoint
CVE-2025-12419 (CRITICAL, EPSS 0.3%): Account takeover on OAuth/OpenID-enabled servers
CVE-2023-45316 (HIGH, EPSS 0.3%): Reflected client side path traversal leading to CSRF in Playbooks
CVE-2025-6226 (MEDIUM, EPSS 0.3%): IDOR in CreatePost API allows for timeboxed message disclosure
CVE-2023-4106 (MEDIUM, EPSS 0.3%): A guest user can perform various actions on public playbooks
CVE-2024-2445 (MEDIUM, EPSS 0.3%): Reflected XSS in Mattermost Jira plugin
CVE-2026-25773 (HIGH, EPSS 0.3%): Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)
CVE-2025-58075 (HIGH, EPSS 0.3%): Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState
CVE-2025-10545 (LOW, EPSS 0.3%): Guest user can add unauthorized team users to private channels
CVE-2026-26233 (MEDIUM, EPSS 0.3%): Denial of Service via HTTP/2 single packet attack on login endpoint