Sensitive Configuration Exposure in Mattermost Plugins by Mattermost
CVE-2026-2476

7.6HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 16 March 2026

What is CVE-2026-2476?

Mattermost Plugins versions up to 2.0.3.0 exhibit a vulnerability that fails to adequately mask sensitive configuration values. This oversight allows an attacker with access to support packets to extract original plugin settings through exported configuration data. Such exposure can lead to the compromise of sensitive information and poses significant risks to affected users and organizations. For further details, refer to the Mattermost Advisory ID: MMSA-2026-00606.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mattermost 0 <= 2.0.3

Mattermost 2.3.1.0

References

https://mattermost.com/security-updates

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Feb 13, 2026

Credit

Yash-Chakerverti

JSON

Mattermost

What is CVE-2026-2476?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.