Mattermost Desktop

mattermost_desktop

Vendor: Mattermost • 24 CVEs

CVEs (24)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-1628 1Mattermost 1Mattermost Desktop Mar 5, 2026 Mar 2, 2026 N/A· v4 4.6 MEDIUM· v3 N/A· v2 Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted ser...Show more Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server. Mattermost Advisory ID: MMSA-2026-00596Show less
CVE-2026-1046 1Mattermost 1Mattermost Desktop Mar 23, 2026 Feb 16, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in th...Show more Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577Show less
CVE-2025-13326 1Mattermost 1Mattermost Desktop Dec 18, 2025 Dec 17, 2025 N/A· v4 3.9 LOW· v3 N/A· v2 Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp...Show more Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.Show less
CVE-2025-13321 1Mattermost 1Mattermost Desktop Dec 18, 2025 Dec 17, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially...Show more Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.Show less
CVE-2025-55035 1Mattermost 1Mattermost Desktop Oct 29, 2025 Oct 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provid...Show more Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed.Show less
CVE-2025-58084 1Mattermost 1Mattermost Desktop Oct 29, 2025 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user...Show more Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.Show less
CVE-2025-1398 1Mattermost 1Mattermost Desktop Sep 25, 2025 Mar 17, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
CVE-2024-45835 1Mattermost 1Mattermost Desktop Nov 1, 2024 Sep 16, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
CVE-2024-39772 1Mattermost 1Mattermost Desktop Nov 1, 2024 Sep 16, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
CVE-2024-39613 1Mattermost 1Mattermost Desktop Sep 20, 2024 Sep 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to c...Show more Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.Show less
CVE-2024-37182 1Mattermost 1Mattermost Desktop Nov 21, 2024 Jun 14, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's syst...Show more Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.Show less
CVE-2024-36287 1Mattermost 1Mattermost Desktop Nov 21, 2024 Jun 14, 2024 N/A· v4 3.3 LOW· v3 N/A· v2 Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
CVE-2023-5920 1Mattermost 1Mattermost Desktop Nov 21, 2024 Nov 2, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
CVE-2023-5876 1Mattermost 1Mattermost Desktop Nov 21, 2024 Nov 2, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
CVE-2023-5875 1Mattermost 1Mattermost Desktop Nov 21, 2024 Nov 2, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
CVE-2023-5339 1Mattermost 1Mattermost Desktop Nov 21, 2024 Oct 17, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged.
CVE-2023-2000 1Mattermost 1Mattermost Desktop Nov 21, 2024 May 2, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
CVE-2016-11064 1Mattermost 1Mattermost Desktop Nov 21, 2024 Jun 19, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
CVE-2018-21265 1Mattermost 1Mattermost Desktop Nov 21, 2024 Jun 19, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).
CVE-2019-20861 1Mattermost 1Mattermost Desktop Nov 21, 2024 Jun 19, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.

12 Next