Home
MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NDefault status
unaffected
11.5.0 (semver)
affected
10.11.0 (semver)
affected
11.4.0 (semver)
affected
11.6.0
unaffected
11.5.2
unaffected
10.11.14
unaffected
11.4.4
unaffected
Description
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614
Problem types
CWE-522: Insufficiently Protected Credentials
Product status
11.5.0 (semver)
10.11.0 (semver)
11.4.0 (semver)
11.6.0
11.5.2
10.11.14
11.4.4
Credits
eeshan
References
mattermost.com/security-updates (MMSA-2026-00614)