CVE-2026-0997
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing {{/plugins/zoom/api/v1/channel-preference}}, which allows any logged-in user to change Zoom meeting restrictions for arbitrary channels via crafted API requests.. Mattermost Advisory ID: MMSA-2025-00558
Vendor
Product
CWE
Yayın Tarihi
2026-02-16 10:16:07
Güncelleme
2026-02-18 20:23:34
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-