CVE-2026-2476 | THREATINT

Description

Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606

PUBLISHED Reserved 2026-02-13 | Published 2026-03-16 | Updated 2026-03-16 | Assigner Mattermost

HIGH: 7.6CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

Any version

affected

2.3.1.0

unaffected

Credits

Yash-Chakerverti finder

References

mattermost.com/security-updates (MMSA-2026-00606) vendor-advisory

cve.org (CVE-2026-2476)

nvd.nist.gov (CVE-2026-2476)

Download JSON