Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-9824— Remote cluster metadata enumeration via /share-channel autocomplete

CVSS 4.3 · Medium

Possible ATT&CK Techniques 1AI

T1005 · Data from Local System
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-9824

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Remote cluster metadata enumeration via /share-channel autocomplete
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to check the manage_shared_channels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash command autocomplete.. Mattermost Advisory ID: MMSA-2026-00676
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
MattermostMattermost 11.7.0 ~ 11.7.2 -

II. Public POCs for CVE-2026-9824

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-9824

登录查看更多情报信息。

Same Patch Batch · Mattermost · 2026-07-13 · 10 CVEs total

CVE-2026-68506.5 MEDIUMCrafted message attachment causes client-side denial of service via markdown parser regex
CVE-2026-101066.5 MEDIUMUnauthorized users can trigger interactive post actions in private channels via action coo
CVE-2026-95715.9 MEDIUMDeactivated user accounts can continue to obtain valid OAuth access tokens via refresh tok
CVE-2026-95975.4 MEDIUMDeactivated guest accounts can authenticate via magic-link token in Mattermost REST API lo
CVE-2026-100855.4 MEDIUMOrdinary group/direct message member can enable group_constrained and remove all channel p
CVE-2026-97084.9 MEDIUMIncoming webhook user attribution via unvalidated webhook owner
CVE-2026-65414.3 MEDIUMUnscoped updates to other playbooks' metric configuration
CVE-2026-101034.3 MEDIUMAuthenticated remote cluster can modify or delete posts it does not own in Mattermost Conn
CVE-2026-98203.8 LOWMattermost schemes teams endpoint exposes private team invite IDs

IV. Related Vulnerabilities

V. Comments for CVE-2026-9824

No comments yet


Leave a comment