CVE-2026-6517
đļ mediumSummary
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that routes to an external web server. Mattermost Advisory ID: MMSA-2026-00651
CVSS Score
6.3
Medium
EPSS Score
0.2
Exploit Probability
Published Date
2026-06-15
First Seen: 2026-06-16
đ Relative Risk Intelligence
This CVE is Lower Risk - more severe than 39.3% of all 328,009 vulnerabilities in our database.
#199,264
Below average severity
Severity Percentile
đ¯ CISA SSVC Assessment Updated: Jun 15, 2026
đ Exploitation Status
None
No known exploits
âī¸ Automatable
NO
Requires human interaction
đĨ Technical Impact
Partial
Limited system impact
đ Discovered By
falke
SSVC data provided by
CISA
Last Modified
2026-06-16
Source
NVD đ
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE IDs (Weakness Types)