CVE-2026-4055
published 2026-05-21CVE-2026-4055: Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request. Mattermost Advisory ID: MMSA-2026-00629
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | 11.5.0 – 11.5.1 | — |
| mattermost | mattermost_server | >= 10.11.0 < 10.11.17 | 10.11.17 |
| mattermost | mattermost_server | >= 11.5.0 < 11.5.5 | 11.5.5 |
| mattermost | mattermost_server | >= 11.6.0 < 11.6.2 | 11.6.2 |