CVE-2026-27769
published 2026-04-15
Severity: low, 2.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Mattermost versions 10.11.x <= 10.11.12 fail to validate that users are owned by the correct Connected Workspace, which allows a malicious remote server connected using the Connected Workspaces feature to change the displayed status of local users via the Connected Workspaces API. Mattermost Advisory ID: MMSA-2026-00603
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 8.0.0-20250721062209-4952acea88ce < 8.0.0-20260316060126-bc1a2b34b1f9 | 8.0.0-20260316060126-bc1a2b34b1f9 |
| mattermost | mattermost | 10.11.0 – 10.11.12 | — |
| mattermost | mattermost_server | >= 10.11.0 < 10.11.13 | 10.11.13 |