CVE-2026-28759— Mattermost 安全漏洞
Affected Version Matrix 7
| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| Mattermost | Mattermost | 11.5.0≤ 11.5.1 | affected |
10.11.0≤ 10.11.13 | affected | ||
11.4.0≤ 11.4.3 | affected | ||
11.6.0 | unaffected | ||
11.5.2 | unaffected | ||
10.11.14 | unaffected | ||
11.4.4 | unaffected |
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-28759の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Insufficient authorization in shared channel membership sync allows remote cluster to remove users from arbitrary channels
ソース: NVD (National Vulnerability Database)
脆弱性説明
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel, including private channels, via crafted membership sync messages targeting channels the remote cluster is not authorized to access. Mattermost Advisory ID: MMSA-2026-00576
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
授权机制不正确
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Mattermost 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 11.5.1及之前的11.5.x版本、10.11.13及之前的10.11.x版本和11.4.3及之前的11.4.x版本存在安全漏洞,该漏洞源于共享频道成员同步时未验证远程集群是否有频道访问权限,可能导致恶意远程集群移除任意用户。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Mattermost | Mattermost | 11.5.0 ~ 11.5.1 | - |
II. CVE-2026-28759の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2026-28759のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Mattermost · 2026-05-18 · 21 CVEs total
| CVE-2026-6346 | 8.7 HIGH | Sensitive credentials exposed in plaintext in Mattermost support packets |
| CVE-2026-6347 | 7.6 HIGH | Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets |
| CVE-2026-6345 | 6.5 MEDIUM | Prevent password disclosure and force reset during Slack import |
| CVE-2026-5163 | 6.5 MEDIUM | Missing authorization check in AI message rewrite endpoint allows access to private thread |
| CVE-2026-3117 | 6.5 MEDIUM | Instance and webhook GitLab plugin commands were able to be run by non-admin users |
| CVE-2026-3471 | 6.5 MEDIUM | Opening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop |
| CVE-2026-2325 | 4.3 MEDIUM | Improper Input Validation in MS Teams Meetings API Handler |
| CVE-2026-3637 | 4.3 MEDIUM | Mattermost fails to enforce create_post permission when editing posts |
| CVE-2026-6342 | 4.3 MEDIUM | Group prefix matching bypass for subscriptions |
| CVE-2026-6341 | 4.3 MEDIUM | Incomplete group locking implementation |
| CVE-2026-6340 | 4.3 MEDIUM | Memory Exhaustion via Malicious 7zip File Upload |
| CVE-2026-6339 | 4.3 MEDIUM | Missing request origin validation on burn-on-read reveal endpoint |
| CVE-2026-6343 | 4.3 MEDIUM | Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing |
| CVE-2026-28732 | 4.3 MEDIUM | Slash command trigger-word update allowed command hijacking |
| CVE-2026-3495 | 3.8 LOW | Unescaped variables during error page composition |
| CVE-2026-4273 | 3.7 LOW | Insufficient token rotation validation in remote cluster invite confirmation |
| CVE-2026-6333 | 3.5 LOW | SSRF via Host Header Spoofing in Custom Slash Commands |
| CVE-2026-4643 | 3.5 LOW | Calling window.close() from server-side content causes crash in the Mattermost Desktop App |
| CVE-2026-6334 | 3.1 LOW | OAuth authorization code client binding not enforced during token redemption in Mattermost |
| CVE-2026-4286 | 3.1 LOW | Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member |
IV. 関連脆弱性
同じ製品: Mattermost
- CVE-2026-6957
Path traversal in Mattermost Legal Hold plugin via unsanitiz - CVE-2026-4915
Server panic via outgoing webhook responses - CVE-2026-28735
GitHub OAuth Scope Validation - CVE-2026-4635
Persistent notification timing attack causing server denial - CVE-2026-3473
Improper file ownership validation in the Boards API allows
同じベンダー: Mattermost
- CVE-2026-6957
Path traversal in Mattermost Legal Hold plugin via unsanitiz - CVE-2026-4915
Server panic via outgoing webhook responses - CVE-2026-28735
GitHub OAuth Scope Validation - CVE-2026-4635
Persistent notification timing attack causing server denial - CVE-2026-3473
Improper file ownership validation in the Boards API allows
同じ弱点: CWE-863
- CVE-2026-6713
Incorrect Authorization in GitLab - CVE-2026-45081
Frappe HR: Permission Bypass in HRMS Leave Details API - CVE-2026-45718
Budibase: Row Action Trigger Bypasses View Row Filter Securi - CVE-2026-48152
Budibase: Basic app users can exfiltrate stored REST datasou - CVE-2026-44330
free5GC: NEF nnef-pfdmanagement API is unauthenticated; forg
V. CVE-2026-28759へのコメント
まだコメントはありません