CVE-2026-22880— Mobile SSO authentication flow allows credential theft via malicious server
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 12
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mattermost | Mattermost | ≤ 2.0.37 | affected |
≤ 11.0.4 | affected | ||
≤ 11.1.3 | affected | ||
≤ 11.3.2 | affected | ||
≤ 10.11.11 | affected | ||
2.38.0 | unaffected | ||
11.5.0 | unaffected | ||
2.37.1.0 | unaffected | ||
| … +4 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-22880
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mobile SSO authentication flow allows credential theft via malicious server
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO code exchange flow through the mobile application. Mattermost Advisory ID: MMSA-2025-00564
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mattermost Mobile Apps 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mattermost Mobile Apps是美国Mattermost公司的一款消息传递移动应用程序。 Mattermost Mobile Apps 2.0.37及之前版本、11.0.4及之前版本、11.1.3及之前版本、11.3.2及之前版本和10.11.11.0及之前版本存在跨站请求伪造漏洞,该漏洞源于未正确验证SSO身份验证回调来源,可能导致攻击者窃取用户凭据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mattermost | Mattermost | 0 ~ 2.0.37 | - |
II. Public POCs for CVE-2026-22880
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-22880
请登录查看更多情报信息。
Same Patch Batch · Mattermost · 2026-05-21 · 3 CVEs total
| CVE-2026-4858 | 8.0 HIGH | Path traversal in integration action URL leading to arbitrary API execution via system adm |
| CVE-2026-4055 | 4.3 MEDIUM | Insufficient permission validation on cross-team playbook run creation |
IV. Related Vulnerabilities
Same product: Mattermost
- CVE-2026-28735
GitHub OAuth Scope Validation - CVE-2026-4635
Persistent notification timing attack causing server denial - CVE-2026-3473
Improper file ownership validation in the Boards API allows - CVE-2026-4646
Insufficient input validation in GitHub plugin API causes de - CVE-2026-3636
Sanitize team member data returned by API
Same vendor: Mattermost
- CVE-2026-28735
GitHub OAuth Scope Validation - CVE-2026-4635
Persistent notification timing attack causing server denial - CVE-2026-3473
Improper file ownership validation in the Boards API allows - CVE-2026-4646
Insufficient input validation in GitHub plugin API causes de - CVE-2026-3636
Sanitize team member data returned by API
Same weakness: CWE-352
- CVE-2018-25354
Joomla Component jomres 9.11.2 Cross-Site Request Forgery - CVE-2018-25343
Smartshop 1 Cross-Site Request Forgery via editprofile.php - CVE-2026-9303
calcom cal.diy cross-site request forgery - CVE-2026-41074
RT has broken CSRF protection for authenticated users - CVE-2026-40864
JupyterHub: Cross-origin form POSTs bypass XSRF
V. Comments for CVE-2026-22880
No comments yet