Path Traversal Vulnerability in Mattermost Go Module
CVE-2026-13426

5.4MEDIUM

What is CVE-2026-13426?

The Mattermost Go module prior to version 0.1.22 is susceptible to a path traversal vulnerability that compromises the security of API route paths. This flaw arises from the insufficient validation of path parameters, enabling attackers to redirect API calls to unauthorized endpoints by manipulating IDs that include path traversal components. Consequently, this could lead to exploitable pathways that compromise data integrity and system security.

Affected Version(s)

github.com/mattermost/mattermost/server/public v0.0.0

github.com/mattermost/mattermost/server/public v0.1.22

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Juho Forsén
.