Path Traversal Vulnerability in Mattermost Go Module
CVE-2026-13426
5.4MEDIUM
Key Information:
- Vendor
Mattermost
- Vendor
- CVE Published:
- 26 June 2026
What is CVE-2026-13426?
The Mattermost Go module prior to version 0.1.22 is susceptible to a path traversal vulnerability that compromises the security of API route paths. This flaw arises from the insufficient validation of path parameters, enabling attackers to redirect API calls to unauthorized endpoints by manipulating IDs that include path traversal components. Consequently, this could lead to exploitable pathways that compromise data integrity and system security.
Affected Version(s)
github.com/mattermost/mattermost/server/public v0.0.0
github.com/mattermost/mattermost/server/public v0.1.22