CVE-2026-9597 in Mattermostinformação

Sumário

de MITRE • 13/07/2026

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsável

Mattermost

Reservar

26/05/2026

Divulgação

13/07/2026

Moderação

aceite

Entrada

VDB-377932

CPE

pronto

EPSS

0.00000

KEV

não

Atividades

baixo

Fontes

Do you want to use VulDB in your project?

Use the official API to access entries easily!