Launch Week Day 1: Announcing Security Design Review

Mattermost Server is vulnerable CSV Injection

GHSA-8q4v-35v6-g8wr · CVE-2017-18900 · GO-2026-4303

Published May 24, 2022 · Modified Feb 3, 2026

Description

An issue was discovered in Mattermost Server before 4.0.4 and 3.10.3. It allows CSV injection via a compliance report.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes