CVE-2026-3117
MEDIUM
NVD
CVSS Score
6.5
Severity
MEDIUM
Published
May 18, 2026
Vendor
unknown
Description
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the { {gitlab instance {option} }} or the { {/gitlab webhook {option} }} commands. Mattermost Advisory ID: MMSA-2026-00600