CVEFinder.io

CVE-2026-3495

ℹī¸ low
🔍 Scan for this CVE
Summary

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values.. Mattermost Advisory ID: MMSA-2026-00622

CVSS Score
3.8
Low
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-18
First Seen: 2026-05-19
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 4.4% of all 321,566 vulnerabilities in our database.

#307,305
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: May 18, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
🏆 Discovered By
shoodagiri
SSVC data provided by CISA
Last Modified 2026-05-19
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-79

đŸ“Ļ Affected Products 2

Vendor Product Status Affected Versions
mattermost mattermost_server Affected
> 10.11.0 < 10.11.14
mattermost mattermost_server Affected
> 11.5.0 < 11.5.2

🔗 References 1

https://mattermost.com/security-updates
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-28759 đŸ”ļ medium 4.3 0.0 Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote cluster has a... 2026-05-18
CVE-2026-2325 đŸ”ļ medium 4.3 0.0 Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body o... 2026-05-18
CVE-2026-3637 đŸ”ļ medium 4.3 0.0 Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post channel permis... 2026-05-18
CVE-2026-4273 ℹī¸ low 3.7 0.0 Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the orig... 2026-05-18
CVE-2026-6340 đŸ”ļ medium 4.3 0.0 Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure befo... 2026-05-18
CVE-2026-28732 đŸ”ļ medium 4.3 0.0 Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word u... 2026-05-18
These CVEs affect the same products