Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://mattermost.com/security-updates |
|
Mon, 13 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mattermost
Mattermost mattermost |
|
| Vendors & Products |
Mattermost
Mattermost mattermost |
Mon, 13 Jul 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690 | |
| Title | Unauthorized users can trigger interactive post actions in private channels via action cookie channel mismatch in Mattermost | |
| Weaknesses | CWE-863 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2026-07-13T13:56:41.047Z
Reserved: 2026-05-29T16:06:43.719Z
Link: CVE-2026-10106
Updated: 2026-07-13T13:56:37.806Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T09:30:04Z