A vulnerability classified as critical was found in Mattermost up to 10.11.19/11.6.4/11.7.2. This vulnerability affects unknown code of the component OAuth Refresh Token Grant Endpoint. Such manipulation leads to privilege escalation.

This vulnerability is referenced as CVE-2026-9571. It is possible to launch the attack remotely. No exploit is available.