File Path Validation Vulnerability in Mattermost by Mattermost
CVE-2026-3112

6.8MEDIUM

Key Information:

Vendor

Mattermost
Status
Mattermost
Vendor
CVE Published:
26 March 2026

What is CVE-2026-3112?

Mattermost versions 10.11.x, 11.2.x, 11.3.x, and 11.4.x have a vulnerability that compromises file path validation in Advanced Logging configurations. This issue permits compromised settings to lead system administrators to access sensitive arbitrary host files, undermining the integrity of the system. Prompt remedial action is essential to safeguard your installation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mattermost 11.4.0

Mattermost 11.3.0 <= 11.3.1

Mattermost 11.2.0 <= 11.2.3

References

https://mattermost.com/security-updates
vendor-advisory

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

mufeedvh
JSON
.