← Back

CVE-2026-10103

nvd nist
Published: Jul 13, 2026Modified: Jul 13, 2026

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: responsibledisclosure@mattermost.com (Secondary)

Description

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing arbitrary post IDs in channels shared with that remote.. Mattermost Advisory ID: MMSA-2026-00689

Affected (3)

1 product
Mattermost Server
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Mattermost
From 10.11.0 to 10.11.20
From 11.6.0 to 11.6.5
From 11.7.0 to 11.7.3

References (1)

Source: responsibledisclosure@mattermost.com
Vendor Advisory

Timeline

No history available yet.