CVE-2026-9708 in Mattermostinformación

Resumen

por MITRE • 2026-07-13

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via crafted incoming webhook configuration and payloads.. Mattermost Advisory ID: MMSA-2026-00683

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsable

Mattermost

Reservar

2026-05-27

Divulgación

2026-07-13

Moderación

aceptado

Artículo

VDB-377933

CPE

listo

EPSS

0.00210

KEV

no

Actividades

muy bajo

Fuentes

Want to know what is going to be exploited?

We predict KEV entries!