CVE-2026-6341
published 2026-05-18CVE-2026-6341: Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID: MMSA-2026-00602
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | <= 11.1.5 | — |
| mattermost | mattermost_server | 10.13.0 – 10.13.11 | — |
| mattermost | mattermost_server | 11.1.0 – 11.1.5 | — |
| mattermost | mattermost_server | 11.3.0 – 11.3.4 | — |