CVE-2026-6342

MEDIUM NVD

CVSS Score 4.3

Severity MEDIUM

Published May 18, 2026

Vendor unknown

Description

Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID: MMSA-2026-00601

References

https://mattermost.com/security-updates