CVE-2026-2461
Published 2026-03-16
Medium 4.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-plugin-boards | >= 0 < 0.0.0-20260108044135-57c5be5b6ef5 | 0.0.0-20260108044135-57c5be5b6ef5 |
| mattermost | mattermost | <= 11.0.3 | — |
| mattermost | mattermost_server | < 10.11.11 | 10.11.11 |
| mattermost | mattermost_server | 11.0.0 – 11.0.3 | — |
| mattermost | mattermost_server | >= 11.1.0 < 11.2.3 | 11.2.3 |
| mattermost | mattermost_server | >= 11.3.0 < 11.3.1 | 11.3.1 |