Mattermost — Vulnerabilities & Security Advisories (382)

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-9076 | Mattermost Server exposes sensitive user credentials during shared channel membership synchronization | Mattermost | CWE-862 | 6.5 | Medium | 2025-09-15 |
| CVE-2025-6465 | Path traversal in image upload with preview overwrite | Mattermost | CWE-22 | 4.3 | Medium | 2025-08-21 |
| CVE-2025-8402 | Nil pointer dereference in bulk import crashes server | Mattermost | CWE-1287 | 4.9 | Medium | 2025-08-21 |
| CVE-2025-47870 | Team invite ID leaked to team admin with no member invite privileges | Mattermost | CWE-306 | 4.3 | Medium | 2025-08-21 |
| CVE-2025-49222 | Mattermost Shared Channel Upload Type Validation Bypass | Mattermost | CWE-434 | 6.8 | Medium | 2025-08-21 |
| CVE-2025-8023 | Path Traversal in Template Upload Allows Uploading Files Outside Target Directory | Mattermost | CWE-22 | 6.8 | Medium | 2025-08-21 |
| CVE-2025-53971 | Channel and Team Membership APIs inadvertently allow loss of Member privileges. | Mattermost | CWE-863 | 3.8 | Low | 2025-08-21 |
| CVE-2025-47700 | AI plugin APIs can be triggered using post actions | Mattermost | CWE-918 | 3.5 | Low | 2025-08-21 |
| CVE-2025-49810 | Thread summarization allows persistent access to channel | Mattermost | CWE-863 | 3.5 | Low | 2025-08-21 |
| CVE-2025-36530 | Import Path Traversal Enables Unauthorized Unsigned Plugin Installation | Mattermost | CWE-22 | 6.8 | Medium | 2025-08-21 |
| CVE-2025-8285 | Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-862 | 4.0 | Medium | 2025-08-11 |
| CVE-2025-54525 | Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-1287 | 7.5 | High | 2025-08-11 |
| CVE-2025-54478 | Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-306 | 7.2 | High | 2025-08-11 |
| CVE-2025-54458 | Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-862 | 5.0 | Medium | 2025-08-11 |
| CVE-2025-54463 | Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-754 | 5.9 | Medium | 2025-08-11 |
| CVE-2025-53910 | Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-862 | 4.0 | Medium | 2025-08-11 |
| CVE-2025-53514 | Unexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-754 | 5.9 | Medium | 2025-08-11 |
| CVE-2025-53857 | Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-862 | 3.7 | Low | 2025-08-11 |
| CVE-2025-52931 | Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-754 | 7.5 | High | 2025-08-11 |
| CVE-2025-49221 | Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-862 | 3.7 | Low | 2025-08-11 |
| CVE-2025-48731 | Unauthorized Subscription Edit to Confluence Space in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-862 | 6.4 | Medium | 2025-08-11 |
| CVE-2025-44004 | Unauthenticated Channel Subscription Creation in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-306 | 7.2 | High | 2025-08-11 |
| CVE-2025-44001 | Unauthorized Channel Subscription Read in Mattermost Confluence Plugin | Mattermost Confluence Plugin | CWE-862 | 4.0 | Medium | 2025-08-11 |
| CVE-2025-6227 | Invite token is used as part of the secure communication | Mattermost | CWE-522 | 2.2 | Low | 2025-07-18 |
| CVE-2025-6233 | Arbitrary file read by system admin via path traversal | Mattermost | CWE-22 | 6.8 | Medium | 2025-07-18 |
| CVE-2025-6226 | IDOR in CreatePost API allows for timeboxed message disclosure | Mattermost | CWE-306 | 6.5 | Medium | 2025-07-18 |
| CVE-2025-47871 | Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API | Mattermost | CWE-863 | 4.3 | Medium | 2025-06-30 |
| CVE-2025-46702 | Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management | Mattermost | CWE-863 | 5.4 | Medium | 2025-06-30 |
| CVE-2025-3227 | Unauthorized channel member management through playbook runs | Mattermost | CWE-863 | 4.3 | Medium | 2025-06-20 |
| CVE-2025-3228 | Unauthorized Guest user access to Playbook | Mattermost | CWE-863 | 4.3 | Medium | 2025-06-20 |

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.