Launch Week Day 1: Announcing Security Design Review
Start for Free
MEDIUM 4.3 Go

Mattermost doesn't check public/private permissions

GHSA-m79q-8qf5-v622 · CVE-2026-6343

Published · Modified

Description

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes