Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications

GHSA-hf8w-x9h5-5gf9 · CVE-2026-2461 · GO-2026-4782

Published Mar 16, 2026 · Modified Mar 23, 2026

Description

Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-2461
WEB https://github.com/mattermost/mattermost-plugin-boards/commit/57c5be5b6ef59d02dd72e35094d1fae8ba6e9619
PACKAGE https://github.com/mattermost/mattermost-plugin-boards
WEB https://mattermost.com/security-updates

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes