User ID Enumeration Vulnerability in Mattermost by Mattermost
CVE-2026-3115

4.3MEDIUM

Key Information:

Vendor

Mattermost
Status
Mattermost
Vendor
CVE Published:
26 March 2026

What is CVE-2026-3115?

Mattermost's handling of view restrictions presents a significant issue in specified versions, allowing authenticated guest users to enumerate user IDs beyond their intended visibility limits through the group retrieval endpoint. This can lead to unauthorized access to user information, raising potential privacy and security concerns within the application.

Affected Version(s)

Mattermost 11.2.0 <= 11.2.2

Mattermost 10.11.0 <= 10.11.10

Mattermost 11.4.0

References

https://mattermost.com/security-updates
vendor-advisory

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

winfunc
.