A vulnerability, which was classified as critical, was found in Mattermost up to 10.11.19/11.6.4/11.7.2. Impacted is an unknown function of the component Incoming Webhook Handler. Executing a manipulation can lead to permission issues.

This vulnerability is tracked as CVE-2026-9708. The attack can be launched remotely. No exploit exists.