Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values

GHSA-4ppj-6chv-5pgc · CVE-2026-2476 · GO-2026-4784

Published Mar 16, 2026 · Modified Mar 23, 2026

Description

Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-2476
WEB https://github.com/mattermost/mattermost-plugin-msteams/commit/036c761bd3cb9ece92c17f2b151dfa906cebdcf6
PACKAGE https://github.com/mattermost/mattermost-plugin-msteams
WEB https://mattermost.com/security-updates

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes