CVE-2026-21386
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588
Vendor
Product
CWE
Yayın Tarihi
2026-03-16 15:16:20
Güncelleme
2026-03-18 13:53:15
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-