CVE-2026-24692
published 2026-03-16CVE-2026-24692: Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 0 < 5.3.2-0.20260107142155-0481bd1fb045 | 5.3.2-0.20260107142155-0481bd1fb045 |
| github.com | mattermost_mattermost-server | >= 10.11.0-rc1 < 10.11.11 | 10.11.11 |
| github.com | mattermost_mattermost-server | >= 10.11.0-rc1+incompatible < 10.11.11+incompatible | 10.11.11+incompatible |
| github.com | mattermost_mattermost-server | >= 11.2.0-rc1 < 11.2.3 | 11.2.3 |
| github.com | mattermost_mattermost-server | >= 11.2.0-rc1+incompatible < 11.2.3+incompatible | 11.2.3+incompatible |
| github.com | mattermost_mattermost-server | >= 11.3.0-rc1 < 11.3.1 | 11.3.1 |
| github.com | mattermost_mattermost-server | >= 11.3.0-rc1+incompatible < 11.3.1+incompatible | 11.3.1+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.0.0-20260107142155-0481bd1fb045 | 8.0.0-20260107142155-0481bd1fb045 |
| mattermost | mattermost | 10.11.0 – 10.11.10 | — |
| mattermost | mattermost | 11.2.0 – 11.2.2 | — |
| mattermost | mattermost | 11.3.0 – 11.3.0 | — |
| mattermost | mattermost_server | >= 10.11.0 < 10.11.11 | 10.11.11 |
| mattermost | mattermost_server | >= 11.2.0 < 11.2.3 | 11.2.3 |
| mattermost | mattermost_server | >= 11.3.0 < 11.3.1 | 11.3.1 |