Multiple Vulnerabilities in Mattermost Allow Remote Attack CVSS 7.3
Summary
CERT-Bund issued security advisory WID-SEC-2026-1173 disclosing multiple vulnerabilities in Mattermost instant-messaging software. Affected versions include Mattermost prior to 11.7.0, 11.6.1, 11.5.4, 11.4.5, and 10.11.15. An attacker can exploit these vulnerabilities to conduct a remote attack. The vulnerability has a CVSS Base Score of 7.3 (high) and Temporal Score of 6.4 (medium). Mitigations are available.
Organisations running Mattermost should audit their deployments against the affected version list. Given the CVSS 7.3 score and remote attack vector, self-hosted Mattermost instances should be treated as a priority patching target. CVEs associated with this advisory should be tracked for detailed remediation guidance.
What changed
CERT-Bund published a security advisory identifying multiple vulnerabilities in Mattermost collaboration platform. The vulnerabilities affect multiple versions across the 10.x, 11.x, and 11.x product lines. The CVSS Base Score of 7.3 indicates high severity, and the attack vector is remote, meaning no physical access is required.
Organisations running Mattermost should immediately identify affected deployments and apply available patches or mitigations. The advisory covers Linux, UNIX, Windows, and other operating system environments where Mattermost is deployed. Security teams should prioritise patching given the high CVSS score and remote exploitability.
What to do next
- Identify if any Mattermost instances run affected versions (<11.7.0, <11.6.1, <11.5.4, <11.4.5, <10.11.15)
- Apply available patches or mitigations to affected systems
Archived snapshot
Apr 20, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1173] Mattermost: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff CVSS Base Score 7.3 (hoch) CVSS Temporal Score 6.4 (mittel) Remoteangriff ja Datum 19.04.2026 Stand 20.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Linux
- Sonstiges
- UNIX
- Windows
Produktbeschreibung
Mattermost ist ein webbasierter Instant-Messaging-Dienst.
Produkte
19.04.2026
- Mattermost Mattermost <11.7.0
Mattermost Mattermost <11.6.1
Mattermost Mattermost <11.5.4
Mattermost Mattermost <11.4.5
Mattermost Mattermost <10.11.15
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in Mattermost ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.