Authorization Bypass Vulnerability in Mattermost by Mattermost
CVE-2026-27769

2.7LOW

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-27769?

The vulnerability in Mattermost versions 10.11.x up to 10.11.12 arises from a failure to properly validate user ownership within the Connected Workspaces feature. This oversight allows a malicious remote server, when connected through the Connected Workspaces API, to alter the displayed status of local users without proper authorization. This can lead to unauthorized access and manipulation of user information, posing serious security risks to the affected Mattermost installations.

Affected Version(s)

Mattermost 10.11.0 <= 10.11.12

Mattermost 11.5.0

Mattermost 10.11.13

References

https://mattermost.com/security-updates

vendor-advisory

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Mar 16, 2026

Credit

daw10

CVE-2026-27769 Data

JSON