CVE-2026-26230
3.8
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.2 / Impact: 2.5
Source: responsibledisclosure@mattermost.com (Secondary)
Description
Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531
Affected (1)
Products: Mattermost: Mattermost Server
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 10.11.0 to 10.11.11 |
References (1)
Timeline
No history available yet.