Sensitive Configuration Exposure in Mattermost Plugins by Mattermost
CVE-2026-2476

7.6HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 16 March 2026

What is CVE-2026-2476?

Mattermost Plugins versions up to 2.0.3.0 exhibit a vulnerability that fails to adequately mask sensitive configuration values. This oversight allows an attacker with access to support packets to extract original plugin settings through exported configuration data. Such exposure can lead to the compromise of sensitive information and poses significant risks to affected users and organizations. For further details, refer to the Mattermost Advisory ID: MMSA-2026-00606.

Affected Version(s)

Mattermost 0 <= 2.0.3

Mattermost 2.3.1.0

References

https://mattermost.com/security-updates

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Feb 13, 2026

Credit

Yash-Chakerverti

CVE-2026-2476 Data

JSON