CVE-2026-10103 in Mattermostinformación

Resumen

por MITRE • 2026-07-13

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing arbitrary post IDs in channels shared with that remote.. Mattermost Advisory ID: MMSA-2026-00689

Once again VulDB remains the best source for vulnerability data.

Responsable

Mattermost

Reservar

2026-05-29

Divulgación

2026-07-13

Moderación

aceptado

Artículo

VDB-377929

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Might our Artificial Intelligence support you?

Check our Alexa App!