CVE-2026-2463

Description

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation.. Mattermost Advisory ID: MMSA-2025-00565

PUBLISHED Reserved 2026-02-13 | Published 2026-03-16 | Updated 2026-03-16 | Assigner Mattermost

Problem types

CWE-862: Missing Authorization

Product status

Credits

omarAhmed1 finder

References

mattermost.com/security-updates (MMSA-2025-00565) vendor-advisory

cve.org (CVE-2026-2463)

nvd.nist.gov (CVE-2026-2463)

Download JSON