MEDIUM 4.3 Go
Mattermost fails to properly restrict access to archived channel search API
GHSA-j6gg-r5jc-47cm · CVE-2025-11776 · GO-2025-4126
Published · Modified
Description
Mattermost versions < 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/{team_id}/channels/search_archived endpoint
Ready to move
Start Securing
Free, no credit card | First findings in minutes