CVE-2026-6342

MEDIUM CVSS 4.3 View on NVD ↗

Description

Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID: MMSA-2026-00601

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

https://mattermost.com/security-updates

Published: May 18, 2026 08:16 UTC Modified: May 18, 2026 17:32 UTC