github.com/mattermost/mattermost-server vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-4054 | Medium | github.com/mattermost/mattermost-server: Mattermost doesn't validate the response body of proxied images |
| CVE-2026-3590 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens… |
| CVE-2026-27769 | Low | github.com/mattermost/mattermost-server: Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace |
| CVE-2026-3113 | Medium | github.com/mattermost/mattermost-server: Mattermost doesn't set permissions on downloaded bulk export |
| CVE-2026-27656 | Medium | github.com/mattermost/mattermost-server: Mattermost allows attackers to take over arbitrary user accounts via overly permissive substring… |
| CVE-2026-26233 | Medium | github.com/mattermost/mattermost-server: Mattermost doesn't rate limit login requests, allowing DoS |
| CVE-2026-22545 | Low | github.com/mattermost/mattermost/server/v8: Mattermost fails to validate user's authentication method when processing account auth type switch |
| CVE-2026-2455 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation |
| CVE-2026-24692 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly enforce read permissions in search API endpoints |
| CVE-2026-4265 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to validate team-specific upload_file permissions |
| CVE-2026-21386 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to use consistent error responses when handling the /mute command |
| CVE-2026-2456 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to limit the size of responses from integration action endpoints |
| CVE-2026-2458 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost allows a removed team member to enumerate all public channels within a private team |
| CVE-2026-2463 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to filter invite IDs based on user permissions |
| CVE-2026-2578 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to preserve the redacted state of burn-on-read posts during deletion |
| CVE-2026-2457 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost allows attackers to spoof permalink embeds |
| CVE-2026-26246 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to bound memory allocation when processing PSD image files |
| CVE-2026-25783 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate User-Agent header tokens |
| CVE-2026-24458 | High | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly handle very long passwords |
| CVE-2026-25780 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to bound memory allocation when processing DOC files |
| CVE-2025-14573 | Low | github.com/mattermost/mattermost/server/v8: Mattermost fails to enforce invite permissions when updating team settings |
| CVE-2025-14350 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate team membership when processing channel mentions |
| CVE-2025-13821 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to sanitize sensitive data in WebSocket messages |
| CVE-2026-0999 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate login method restrictions |
| CVE-2026-20796 | Low | github.com/mattermost/mattermost-server: Mattermost doesn't properly validate channel membership at the time of data retrieval |
