CVE-2026-28735 | Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 Scope authorization

Inserito da Angelo Barbosa | Mag 22, 2026 | CVE

A vulnerability described as critical has been identified in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0. This affects an unknown function. Executing a manipulation of the argument Scope can lead to incorrect authorization.

This vulnerability is registered as CVE-2026-28735. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-28735 | Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 Scope authorization

Post correlati

CVE-2026-25141 | orval-labs orval up to 7.20.x/8.1.x Incomplete Fix CVE-2026-23947 jsStringEscape code injection (GHSA-gch2-phqh-fg9q)

CVE-2024-2925 | Beaver Builder Plugin up to 2.8.0.5 on WordPress Button cross site scripting

CVE-2024-32519 | GutenGeek GG Woo Feed for WooCommerce Plugin up to 1.2.6 on WordPress authorization

CVE-2026-42259 | Saltcorn up to 1.4.5/1.5.5/1.6.0-beta.4 is_relative_url redirect (GHSA-f3g8-9xv5-77gv)