CVE-2026-28735
Published 2026-05-22
Priority P4 | 31 | medium | 5.4 | CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:N
EPSS 0.14% (3.5th percentile)
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback, which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL. Mattermost Advisory ID: MMSA-2026-00628
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-plugin-github | >= 0 < 1.0.1-0.20260318132218-6e6b740c4852 | 1.0.1-0.20260318132218-6e6b740c4852 |
| github.com | mattermost_mattermost-server | >= 10.11.0 < 10.11.15 | 10.11.15 |
| github.com | mattermost_mattermost-server | >= 11.4.0 < 11.4.5 | 11.4.5 |
| github.com | mattermost_mattermost-server | >= 11.5.0 < 11.5.4 | 11.5.4 |
| github.com | mattermost_mattermost-server | >= 11.6.0 < 11.6.1 | 11.6.1 |
| mattermost | mattermost | 10.11.0 – 10.11.14 | — |
| mattermost | mattermost | 11.4.0 – 11.4.4 | — |
| mattermost | mattermost | 11.5.0 – 11.5.3 | — |
| mattermost | mattermost | 11.6.0 – 11.6.0 | — |
| mattermost | mattermost_server | >= 10.11.0 < 10.11.15 | 10.11.15 |
| mattermost | mattermost_server | >= 11.4.0 < 11.4.5 | 11.4.5 |
| mattermost | mattermost_server | >= 11.5.0 < 11.5.4 | 11.5.4 |
| mattermost | mattermost_server | >= 11.6.0 < 11.6.1 | 11.6.1 |
CVSS provenance
nvd · v3.1 · 5.4 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
cvelistv5 · v3.1 · 5.4 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
GHSA
GHSA-r5vf-grcx-5vqp: Mattermost versions 11
ghsa_unreviewed·2026-05-26
CVE-2026-28735 [MEDIUM] CWE-863 GHSA-r5vf-grcx-5vqp: Mattermost versions 11
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback, which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL. Mattermost Advisory ID: MMSA-2026-00628
GHSA
Mattermost allows authenticated users to gain access to private repositories
ghsa·2026-05-26
CVE-2026-28735 [MEDIUM] CWE-863 Mattermost allows authenticated users to gain access to private repositories
Mattermost allows authenticated users to gain access to private repositories
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback, which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL. Mattermost Advisory ID: MMSA-2026-00628
VulDB
Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 Scope authorization
vuldb·2026-05-22
CVE-2026-28735 [CRITICAL] Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 Scope authorization
A vulnerability described as critical has been identified in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0. This affects an unknown function. Executing a manipulation of the argument Scope can lead to incorrect authorization.
This vulnerability is registered as CVE-2026-28735. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
CVEList
GitHub OAuth Scope Validation
cvelistv5·2026-05-22·CVSS 5.4
CVE-2026-28735 [MEDIUM] CWE-863 GitHub OAuth Scope Validation
GitHub OAuth Scope Validation
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback, which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL. Mattermost Advisory ID: MMSA-2026-00628
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-28735 matterbridge: Mattermost: Unauthorized access to private repositories via OAuth token scope bypass [fedora-all]
bugzilla·2026-06-17·CVSS 5.4
CVE-2026-28735 [MEDIUM] CVE-2026-28735 matterbridge: Mattermost: Unauthorized access to private repositories via OAuth token scope bypass [fedora-all]
CVE-2026-28735 matterbridge: Mattermost: Unauthorized access to private repositories via OAuth token scope bypass [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-28735 matterbridge: Mattermost: Unauthorized access to private repositories via OAuth token scope bypass [epel-all]
bugzilla·2026-06-17·CVSS 5.4
CVE-2026-28735 [MEDIUM] CVE-2026-28735 matterbridge: Mattermost: Unauthorized access to private repositories via OAuth token scope bypass [epel-all]
CVE-2026-28735 matterbridge: Mattermost: Unauthorized access to private repositories via OAuth token scope bypass [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.