CVE-2026-3524 | Mattermost Legal Hold Plugin up to 1.1.4 API authorization

Inserito da Angelo Barbosa | Apr 6, 2026 | CVE

A vulnerability has been found in Mattermost Legal Hold Plugin up to 1.1.4 and classified as critical. Affected is an unknown function of the component API Handler. This manipulation causes missing authorization.

The identification of this vulnerability is CVE-2026-3524. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.

CVE-2026-3524 | Mattermost Legal Hold Plugin up to 1.1.4 API authorization

Post correlati

CVE-2025-10465 | Birtech Sensaway up to 09022026 unrestricted upload

CVE-2025-68370 | Linux Kernel up to 6.17.12/6.18.1 coresight buffer overflow

CVE-2024-35222 | Tauri prior 1.6.7/2.0.0-beta.19 dangerousRemoteDomainIpcAccess access control

CVE-2025-40003 | Linux Kernel up to 4.19.266 ocelot kernel/workqueue.c cancel_delayed_work initialization