CVE-2026-28735— GitHub OAuth Scope Validation
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 9
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mattermost | Mattermost | 11.6.0≤ 11.6.0 | affected |
11.5.0≤ 11.5.3 | affected | ||
11.4.0≤ 11.4.4 | affected | ||
10.11.0≤ 10.11.14 | affected | ||
11.7.0 | unaffected | ||
11.6.1 | unaffected | ||
11.5.4 | unaffected | ||
11.4.5 | unaffected | ||
| … +1 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-28735
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GitHub OAuth Scope Validation
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL.. Mattermost Advisory ID: MMSA-2026-00628
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mattermost | Mattermost | 11.6.0 ~ 11.6.0 | - |
II. Public POCs for CVE-2026-28735
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-28735
请登录查看更多情报信息。
Same Patch Batch · Mattermost · 2026-05-22 · 8 CVEs total
| CVE-2026-5740 | 7.5 HIGH | Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server |
| CVE-2026-4635 | 6.5 MEDIUM | Persistent notification timing attack causing server denial of service |
| CVE-2026-5755 | 6.5 MEDIUM | Denial of service via crafted TIFF file upload |
| CVE-2026-3473 | 5.9 MEDIUM | Improper file ownership validation in the Boards API allows unauthorised file access |
| CVE-2026-5308 | 4.9 MEDIUM | Missing request body size limits on Zoom plugin HTTP endpoints |
| CVE-2026-4646 | 4.3 MEDIUM | Insufficient input validation in GitHub plugin API causes denial of service |
| CVE-2026-3636 | 4.3 MEDIUM | Sanitize team member data returned by API |
IV. Related Vulnerabilities
Same product: Mattermost
- CVE-2026-4915
Server panic via outgoing webhook responses - CVE-2026-4635
Persistent notification timing attack causing server denial - CVE-2026-3473
Improper file ownership validation in the Boards API allows - CVE-2026-4646
Insufficient input validation in GitHub plugin API causes de - CVE-2026-3636
Sanitize team member data returned by API
Same vendor: Mattermost
- CVE-2026-4915
Server panic via outgoing webhook responses - CVE-2026-4635
Persistent notification timing attack causing server denial - CVE-2026-3473
Improper file ownership validation in the Boards API allows - CVE-2026-4646
Insufficient input validation in GitHub plugin API causes de - CVE-2026-3636
Sanitize team member data returned by API
Same weakness: CWE-863
- CVE-2018-25353
Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload - CVE-2026-6406
Docker Desktop Enhanced Container Isolation bypass via --use - CVE-2026-39966
TypeBot: Async filter() bypasses authorization, allowing IDO - CVE-2026-47102
LiteLLM < 1.83.10 Privilege Escalation via User Update - CVE-2026-47101
LiteLLM < 1.83.14 Privilege Escalation via API Key Generatio
V. Comments for CVE-2026-28735
No comments yet