CVE-2026-27659
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/access_control_policies/{policy_id}/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a crafted request.. Mattermost Advisory ID: MMSA-2026-00578
Vendor
Product
CWE
Yayın Tarihi
2026-03-25 17:16:56
Güncelleme
2026-03-26 18:49:34
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-