CVE-2026-6342
published 2026-05-18CVE-2026-6342: Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID: MMSA-2026-00601
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | <= 11.1.5 | — |
| mattermost | mattermost_server | 10.13.0 – 10.13.11 | — |
| mattermost | mattermost_server | 11.1.0 – 11.1.5 | — |
| mattermost | mattermost_server | 11.3.0 – 11.3.4 | — |