CVE-2026-26230
Published 2026-03-16
Severity: low, 3.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | 10.11.0 – 10.11.10 | — |
| mattermost | mattermost_server | >= 10.11.0 < 10.11.11 | 10.11.11 |