CVE-2025-14573

Low CVSS: 3.8

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561

Vendor

Mattermost

Product

Mattermost Server

CWE

CWE-862

Yayın Tarihi

2026-02-16 13:16:00

Güncelleme

2026-02-18 20:18:01

Source Identifier

responsibledisclosure@mattermost.com

KEV Date Added

Kategoriler

CWE-862 Mattermost Server LOW Mattermost 2026

Referanslar

https://mattermost.com/security-updates

Benzer Kayıtlar

Medium

CVE-2026-3112

Mattermost versions 11.4.x

Medium

CVE-2026-3113

Mattermost versions 11.4.x

Medium

CVE-2026-3114

Mattermost versions 11.4.x

Medium

CVE-2026-3115

Mattermost versions 11.2.x

High

CVE-2026-3108

Mattermost versions 11.2.x

Medium

CVE-2026-4274

Mattermost versions 11.2.x