github.com/mattermost/mattermost/server/v8 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-27659 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost doesn't properly validate CSRF tokens |
| CVE-2026-20719 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds |
| CVE-2026-22545 | Low | github.com/mattermost/mattermost/server/v8: Mattermost fails to validate user's authentication method when processing account auth type switch |
| CVE-2026-2455 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation |
| CVE-2026-24692 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly enforce read permissions in search API endpoints |
| CVE-2026-4265 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to validate team-specific upload_file permissions |
| CVE-2026-21386 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to use consistent error responses when handling the /mute command |
| CVE-2026-2456 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to limit the size of responses from integration action endpoints |
| CVE-2026-2458 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost allows a removed team member to enumerate all public channels within a private team |
| CVE-2026-2463 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to filter invite IDs based on user permissions |
| CVE-2026-2578 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to preserve the redacted state of burn-on-read posts during deletion |
| CVE-2026-2457 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost allows attackers to spoof permalink embeds |
| CVE-2026-26246 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to bound memory allocation when processing PSD image files |
| CVE-2026-25783 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate User-Agent header tokens |
| CVE-2026-24458 | High | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly handle very long passwords |
| CVE-2026-25780 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to bound memory allocation when processing DOC files |
| CVE-2025-14573 | Low | github.com/mattermost/mattermost/server/v8: Mattermost fails to enforce invite permissions when updating team settings |
| CVE-2025-14350 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate team membership when processing channel mentions |
| CVE-2025-13821 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to sanitize sensitive data in WebSocket messages |
| CVE-2026-0999 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate login method restrictions |
| CVE-2025-13767 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to… |
| CVE-2025-64641 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the… |
| CVE-2025-14273 | High | github.com/mattermost/mattermost/server/v8: Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm |
| CVE-2025-13324 | Medium | github.com/mattermost/mattermost: Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation |
| CVE-2025-62690 | Low | github.com/mattermost/mattermost/server/v8: Mattermost has missing redirect URL validation |
